Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c2e6980e by security tracker role at 2026-06-09T19:13:39+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,78 +1,1028 @@
-CVE-2026-45446 [Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and
AES-SIV modes]
+CVE-2026-9279 (Logseq exposes an IPC handler that allows the renderer process
to exec ...)
+ TODO: check
+CVE-2026-9213 (A vulnerability inthe affectedNETGEAR gaming routers
allowsattackers w ...)
+ TODO: check
+CVE-2026-9212 (Insufficient authentication and input validation in thelisted
NETGEAR ...)
+ TODO: check
+CVE-2026-9211 (An unauthenticated user on the local network can gain control
of the r ...)
+ TODO: check
+CVE-2026-9210 (Insufficient input validation vulnerability in thelisted
NETGEAR model ...)
+ TODO: check
+CVE-2026-8863 (Multiple version of UEFI SHIM bootloaders are vulnerable to
SecureBoo ...)
+ TODO: check
+CVE-2026-8677 (The Prime Elementor Addons \u2013 Lightweight Elementor Widgets
for Fa ...)
+ TODO: check
+CVE-2026-8599 (The MailerPress \u2013 Email Marketing, Newsletter, Email
Automation & ...)
+ TODO: check
+CVE-2026-8365 (The Blocksy theme for WordPress is vulnerable to PHP Object
Injection ...)
+ TODO: check
+CVE-2026-8045 (CWE-611 Improper Restriction of XML External Entity Reference
vulnerab ...)
+ TODO: check
+CVE-2026-8025 (Improper neutralization of special elements used in an SQL
command ('S ...)
+ TODO: check
+CVE-2026-7542 (The Slider Revolution plugin for WordPress is vulnerable to
Sensitive ...)
+ TODO: check
+CVE-2026-7486 (Improper neutralization of special elements used in an SQL
command ('S ...)
+ TODO: check
+CVE-2026-6899 (Check for certificate revocation only considers the first
matching CRL ...)
+ TODO: check
+CVE-2026-5068 (A remote, unauthenticated BLE peer can trigger a 2-byte
out-of-bounds ...)
+ TODO: check
+CVE-2026-52902 (A path traversal vulnerability was found in awxkit, the CLI
tool for A ...)
+ TODO: check
+CVE-2026-50636 (The RemoteControl API methods invite_participants and
remind_participa ...)
+ TODO: check
+CVE-2026-50635 (LimeSurvey constructs account password-reset links from the
client-sup ...)
+ TODO: check
+CVE-2026-50512 (Missing authentication for critical function in Microsoft PC
Manager a ...)
+ TODO: check
+CVE-2026-50511 (Improper link resolution before file access ('link following')
in Micr ...)
+ TODO: check
+CVE-2026-50508 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
+ TODO: check
+CVE-2026-50507 (Protection mechanism failure in Windows BitLocker allows an
unauthoriz ...)
+ TODO: check
+CVE-2026-4058 (The User Frontend: AI Powered Frontend Posting, User Directory,
Profil ...)
+ TODO: check
+CVE-2026-49959 (Hermes WebUI before version 0.51.311 contains a remote code
execution ...)
+ TODO: check
+CVE-2026-49958 (Hermes WebUI before version 0.51.303 contains a time-of-check
time-of- ...)
+ TODO: check
+CVE-2026-49957 (Hermes WebUI before version 0.51.269 contains a workspace
boundary byp ...)
+ TODO: check
+CVE-2026-49956 (Hermes WebUI before version 0.51.269 contains a profile
isolation bypa ...)
+ TODO: check
+CVE-2026-49955 (Hermes WebUI before version 0.51.270 contains a resource
exhaustion vu ...)
+ TODO: check
+CVE-2026-49948 (Mem0 versions through 0.2.8, fixed in commit ae7f406, contain
a missin ...)
+ TODO: check
+CVE-2026-49938 (A improper access control vulnerability in Fortinet
FortiPortal 7.4.0 ...)
+ TODO: check
+CVE-2026-49848 (FreeSWITCH is a Software Defined Telecom Stack enabling the
digital tr ...)
+ TODO: check
+CVE-2026-49847 (FreeSWITCH is a Software Defined Telecom Stack enabling the
digital tr ...)
+ TODO: check
+CVE-2026-49843 (FreeSWITCH is a Software Defined Telecom Stack enabling the
digital tr ...)
+ TODO: check
+CVE-2026-49842 (FreeSWITCH is a Software Defined Telecom Stack enabling the
digital tr ...)
+ TODO: check
+CVE-2026-49841 (FreeSWITCH is a Software Defined Telecom Stack enabling the
digital tr ...)
+ TODO: check
+CVE-2026-49840 (FreeSWITCH is a Software Defined Telecom Stack enabling the
digital tr ...)
+ TODO: check
+CVE-2026-49762 (Uncontrolled Resource Consumption vulnerability in the Elixir
standard ...)
+ TODO: check
+CVE-2026-49742 (Backend users with file download permissions were able to
download fil ...)
+ TODO: check
+CVE-2026-49741 (Backend users with write access to the form_definition
database table ...)
+ TODO: check
+CVE-2026-49740 (TYPO3's cache frontend (VariableFrontend) and persistent
key-value sto ...)
+ TODO: check
+CVE-2026-49738 (The path allowance check in GeneralUtility::isAllowedAbsPath()
perform ...)
+ TODO: check
+CVE-2026-49475 (FreeSWITCH is a Software Defined Telecom Stack enabling the
digital tr ...)
+ TODO: check
+CVE-2026-49472 (FreeSWITCH is a Software Defined Telecom Stack enabling the
digital tr ...)
+ TODO: check
+CVE-2026-49161 (Improper access control in Microsoft PC Manager allows an
authorized a ...)
+ TODO: check
+CVE-2026-49160 (Uncontrolled resource consumption in HTTP/2 allows an
unauthorized att ...)
+ TODO: check
+CVE-2026-48583 (Use after free in Windows Kernel allows an authorized attacker
to elev ...)
+ TODO: check
+CVE-2026-48578 (Protection mechanism failure in Windows Secure Boot allows an
authoriz ...)
+ TODO: check
+CVE-2026-48576 (Protection mechanism failure in Windows Secure Boot allows an
authoriz ...)
+ TODO: check
+CVE-2026-48575 (Protection mechanism failure in Windows Secure Boot allows an
authoriz ...)
+ TODO: check
+CVE-2026-48574 (Heap-based buffer overflow in Windows Media allows an
unauthorized att ...)
+ TODO: check
+CVE-2026-48573 (Protection mechanism failure in Windows Secure Boot allows an
authoriz ...)
+ TODO: check
+CVE-2026-48570 (Protection mechanism failure in Windows Secure Boot allows an
authoriz ...)
+ TODO: check
+CVE-2026-48569 (Improper input validation in Visual Studio Code allows an
unauthorized ...)
+ TODO: check
+CVE-2026-48568 (Protection mechanism failure in Windows Secure Boot allows an
authoriz ...)
+ TODO: check
+CVE-2026-48566 (Out-of-bounds read in Windows DWM Core Library allows an
authorized at ...)
+ TODO: check
+CVE-2026-48565 (Untrusted search path in Windows Narrator Braille allows an
authorized ...)
+ TODO: check
+CVE-2026-48563 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
+ TODO: check
+CVE-2026-48562 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-48560 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-48304 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-48301 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-48300 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-48299 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-48297 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-48293 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by an ...)
+ TODO: check
+CVE-2026-48289 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-48288 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-48280 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-48271 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-48268 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-48266 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-48265 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-48264 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-48258 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-48256 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-48251 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-48250 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47993 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47991 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47990 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47989 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47987 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47986 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47985 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47983 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47982 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47981 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47980 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47978 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47977 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47975 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47974 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47973 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47972 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47970 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47966 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47962 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47958 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47957 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47956 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47954 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47953 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47951 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47950 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47949 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47948 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47947 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47946 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47945 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47944 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47943 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47942 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47941 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47939 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47936 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47935 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-47901 (Logseq is vulnerable to a sandbox escape flaw where plugins
running in ...)
+ TODO: check
+CVE-2026-47900 (Logseq is vulnerable to a stored cross-site scripting (XSS). A
malicio ...)
+ TODO: check
+CVE-2026-47899 (The Electron preload script in Logseq exposes an API method
that allow ...)
+ TODO: check
+CVE-2026-47656 (Protection mechanism failure in Windows Boot Manager allows an
authori ...)
+ TODO: check
+CVE-2026-47654 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
+ TODO: check
+CVE-2026-47653 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
+ TODO: check
+CVE-2026-47652 (Out-of-bounds read in Windows Hyper-V allows an unauthorized
attacker ...)
+ TODO: check
+CVE-2026-47648 (Untrusted search path in Windows Storage allows an authorized
attacker ...)
+ TODO: check
+CVE-2026-47643 (External control of file name or path in Azure Stack Edge
allows an un ...)
+ TODO: check
+CVE-2026-47641 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-47640 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-47639 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-47638 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-47637 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-47636 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-47635 (Access of resource using incompatible type ('type confusion')
in Micro ...)
+ TODO: check
+CVE-2026-47634 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-47631 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-47352 (Authenticated backend users were able to retrieve file
metadata via se ...)
+ TODO: check
+CVE-2026-47351 (Backend users were able to insert arbitrary records and files
into the ...)
+ TODO: check
+CVE-2026-47350 (Backend users were able to move records to a different page
without ha ...)
+ TODO: check
+CVE-2026-47349 (Backend users with access to the Recycler module were able to
restore ...)
+ TODO: check
+CVE-2026-47348 (Editors with access to create or modify page content were able
to incl ...)
+ TODO: check
+CVE-2026-47347 (Applications that use GeneralUtility::sanitizeLocalUrl to
allow only l ...)
+ TODO: check
+CVE-2026-47346 (Backend users with file write permissions were able to upload
form def ...)
+ TODO: check
+CVE-2026-47343 (Non-privileged backend users with file mount access were able
to perfo ...)
+ TODO: check
+CVE-2026-47298 (Improper authorization in Microsoft Office SharePoint allows
an author ...)
+ TODO: check
+CVE-2026-47293 (Use after free in Microsoft Office Click-To-Run allows an
authorized a ...)
+ TODO: check
+CVE-2026-47292 (Inclusion of functionality from untrusted control sphere in
Visual Stu ...)
+ TODO: check
+CVE-2026-47291 (Integer overflow or wraparound in Windows HTTP.sys allows an
unauthori ...)
+ TODO: check
+CVE-2026-47289 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
+ TODO: check
+CVE-2026-47288 (Integer overflow or wraparound in Windows Kerberos allows an
authorize ...)
+ TODO: check
+CVE-2026-47287 (Relative path traversal in Visual Studio Code allows an
unauthorized a ...)
+ TODO: check
+CVE-2026-47284 (Exposure of sensitive information to an unauthorized actor in
Visual S ...)
+ TODO: check
+CVE-2026-47281 (Improper input validation in Visual Studio Code allows an
unauthorized ...)
+ TODO: check
+CVE-2026-46749 (A vulnerability has been identified in SINEC INS (All versions
< V1.0 ...)
+ TODO: check
+CVE-2026-46748 (A vulnerability has been identified in SINEC INS (All versions
< V1.0 ...)
+ TODO: check
+CVE-2026-46747 (A vulnerability has been identified in SINEC INS (All versions
< V1.0 ...)
+ TODO: check
+CVE-2026-46746 (A vulnerability has been identified in SINEC INS (All versions
< V1.0 ...)
+ TODO: check
+CVE-2026-46492 (md-fileserver allows for local viewing of markdown files in a
browser. ...)
+ TODO: check
+CVE-2026-45771 (FreeSWITCH is a Software Defined Telecom Stack enabling the
digital tr ...)
+ TODO: check
+CVE-2026-45658 (Protection mechanism failure in Windows BitLocker allows an
unauthoriz ...)
+ TODO: check
+CVE-2026-45657 (Use after free in Windows Kernel allows an unauthorized
attacker to ex ...)
+ TODO: check
+CVE-2026-45656 (Protection mechanism failure in Windows UEFI allows an
authorized atta ...)
+ TODO: check
+CVE-2026-45655 (Protection mechanism failure in Windows BitLocker allows an
unauthoriz ...)
+ TODO: check
+CVE-2026-45654 (Protection mechanism failure in Windows Secure Boot allows an
authoriz ...)
+ TODO: check
+CVE-2026-45653 (Use after free in Windows Kernel allows an authorized attacker
to elev ...)
+ TODO: check
+CVE-2026-45650 (User interface (ui) misrepresentation of critical information
in Micro ...)
+ TODO: check
+CVE-2026-45649 (Improper access control in Office for Android allows an
unauthorized a ...)
+ TODO: check
+CVE-2026-45648 (Stack-based buffer overflow in Active Directory Domain
Services allows ...)
+ TODO: check
+CVE-2026-45647 (Time-of-check time-of-use (toctou) race condition in Microsoft
Defende ...)
+ TODO: check
+CVE-2026-45645 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
+ TODO: check
+CVE-2026-45644 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-45643 (Untrusted pointer dereference in Microsoft Office Word allows
an unaut ...)
+ TODO: check
+CVE-2026-45642 (Improper input validation in Microsoft Azure Attestation
service and D ...)
+ TODO: check
+CVE-2026-45641 (Out-of-bounds read in Windows Hyper-V allows an unauthorized
attacker ...)
+ TODO: check
+CVE-2026-45640 (Use after free in Windows Bluetooth Port Driver allows an
authorized a ...)
+ TODO: check
+CVE-2026-45639 (Out-of-bounds read in Windows RDP allows an unauthorized
attacker to d ...)
+ TODO: check
+CVE-2026-45638 (Use after free in Windows Ancillary Function Driver for
WinSock allows ...)
+ TODO: check
+CVE-2026-45637 (Use after free in Windows DWM Core Library allows an
authorized attack ...)
+ TODO: check
+CVE-2026-45636 (Heap-based buffer overflow in Windows NTFS allows an
unauthorized atta ...)
+ TODO: check
+CVE-2026-45635 (Use after free in Universal Plug and Play (upnp.dll) allows an
unautho ...)
+ TODO: check
+CVE-2026-45634 (Out-of-bounds read in Windows DHCP Server allows an authorized
attacke ...)
+ TODO: check
+CVE-2026-45608 (Out-of-bounds read in Windows DHCP Server allows an authorized
attacke ...)
+ TODO: check
+CVE-2026-45607 (Out-of-bounds read in Windows Hyper-V allows an unauthorized
attacker ...)
+ TODO: check
+CVE-2026-45606 (Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll)
allows a ...)
+ TODO: check
+CVE-2026-45605 (Use after free in Windows Bluetooth Service allows an
authorized attac ...)
+ TODO: check
+CVE-2026-45604 (Out-of-bounds read in Windows Application Identity (AppID)
Subsystem a ...)
+ TODO: check
+CVE-2026-45603 (Use after free in Windows Ancillary Function Driver for
WinSock allows ...)
+ TODO: check
+CVE-2026-45602 (No cwe for this issue in Windows DHCP Server allows an
unauthorized at ...)
+ TODO: check
+CVE-2026-45601 (Use after free in Windows Ancillary Function Driver for
WinSock allows ...)
+ TODO: check
+CVE-2026-45600 (Access of resource using incompatible type ('type confusion')
in Windo ...)
+ TODO: check
+CVE-2026-45599 (Use after free in Universal Plug and Play (upnp.dll) allows an
unautho ...)
+ TODO: check
+CVE-2026-45598 (Use after free in Windows Ancillary Function Driver for
WinSock allows ...)
+ TODO: check
+CVE-2026-45597 (Concurrent execution using shared resource with improper
synchronizati ...)
+ TODO: check
+CVE-2026-45596 (Use after free in Windows Ancillary Function Driver for
WinSock allows ...)
+ TODO: check
+CVE-2026-45595 (Protection mechanism failure in Windows Mark of the Web (MOTW)
allows ...)
+ TODO: check
+CVE-2026-45594 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
+ TODO: check
+CVE-2026-45593 (Use after free in Windows SDK allows an authorized attacker to
elevate ...)
+ TODO: check
+CVE-2026-45592 (Integer overflow or wraparound in Windows Internet
(wininet.dll) allow ...)
+ TODO: check
+CVE-2026-45591 (Uncontrolled resource consumption in ASP.NET Core allows an
unauthoriz ...)
+ TODO: check
+CVE-2026-45588 (Protection mechanism failure in Windows Secure Boot allows an
authoriz ...)
+ TODO: check
+CVE-2026-45586 (Improper link resolution before file access ('link following')
in Wind ...)
+ TODO: check
+CVE-2026-45583 (Improper control of generation of code ('code injection') in
Microsoft ...)
+ TODO: check
+CVE-2026-45504 (Server-side request forgery (ssrf) in Microsoft Exchange
Server allows ...)
+ TODO: check
+CVE-2026-45503 (Improper authorization in Microsoft Exchange Server allows an
authoriz ...)
+ TODO: check
+CVE-2026-45502 (Server-side request forgery (ssrf) in Microsoft Exchange
Server allows ...)
+ TODO: check
+CVE-2026-45501 (Server-side request forgery (ssrf) in Microsoft Exchange
Server allows ...)
+ TODO: check
+CVE-2026-45500 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-45491 (Improper link resolution before file access ('link following')
in .NET ...)
+ TODO: check
+CVE-2026-45490 (Improper authorization in .NET allows an authorized attacker
to elevat ...)
+ TODO: check
+CVE-2026-45487 (Time-of-check time-of-use (TOCTOU) race condition in Program
Compatibi ...)
+ TODO: check
+CVE-2026-45486 (Untrusted pointer dereference in Microsoft Office Word allows
an unaut ...)
+ TODO: check
+CVE-2026-45485 (Out-of-bounds read in Microsoft Office allows an unauthorized
attacker ...)
+ TODO: check
+CVE-2026-45484 (Deserialization of untrusted data in Microsoft Office
SharePoint allow ...)
+ TODO: check
+CVE-2026-45483 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-45482 (Improper limitation of a pathname to a restricted directory
('path tra ...)
+ TODO: check
+CVE-2026-45481 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-45479 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-45476 (Use after free in Linux MANA Driver allows an authorized
attacker to e ...)
+ TODO: check
+CVE-2026-45475 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
+ TODO: check
+CVE-2026-45474 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
+ TODO: check
+CVE-2026-45472 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
+ TODO: check
+CVE-2026-45471 (Untrusted pointer dereference in Microsoft Office Word allows
an unaut ...)
+ TODO: check
+CVE-2026-45469 (Integer underflow (wrap or wraparound) in Microsoft Office
Excel allow ...)
+ TODO: check
+CVE-2026-45468 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-45467 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-45466 (Heap-based buffer overflow in Microsoft Office Word allows an
unauthor ...)
+ TODO: check
+CVE-2026-45465 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-45464 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-45463 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
+ TODO: check
+CVE-2026-45462 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-45461 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
+ TODO: check
+CVE-2026-45460 (Out-of-bounds read in Microsoft Office allows an unauthorized
attacker ...)
+ TODO: check
+CVE-2026-45459 (Protection mechanism failure in Microsoft Office Excel allows
an unaut ...)
+ TODO: check
+CVE-2026-45458 (Access of resource using incompatible type ('type confusion')
in Micro ...)
+ TODO: check
+CVE-2026-45457 (Untrusted pointer dereference in Microsoft Office Word allows
an unaut ...)
+ TODO: check
+CVE-2026-45456 (Access of resource using incompatible type ('type confusion')
in Micro ...)
+ TODO: check
+CVE-2026-45455 (Out-of-bounds read in Microsoft Office Excel allows an
unauthorized at ...)
+ TODO: check
+CVE-2026-45454 (Improper limitation of a pathname to a restricted directory
('path tra ...)
+ TODO: check
+CVE-2026-45453 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-44824 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
+ TODO: check
+CVE-2026-44823 (Integer underflow (wrap or wraparound) in Microsoft Office
Excel allow ...)
+ TODO: check
+CVE-2026-44822 (Out-of-bounds read in Microsoft Office Excel allows an
unauthorized at ...)
+ TODO: check
+CVE-2026-44821 (Out-of-bounds read in Microsoft Office allows an unauthorized
attacker ...)
+ TODO: check
+CVE-2026-44820 (Integer underflow (wrap or wraparound) in Microsoft Office
Excel allow ...)
+ TODO: check
+CVE-2026-44819 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
+ TODO: check
+CVE-2026-44818 (Integer underflow (wrap or wraparound) in Microsoft Office
Excel allow ...)
+ TODO: check
+CVE-2026-44817 (Integer underflow (wrap or wraparound) in Microsoft Office
Excel allow ...)
+ TODO: check
+CVE-2026-44815 (Stack-based buffer overflow in Windows DHCP Client allows an
unauthori ...)
+ TODO: check
+CVE-2026-44814 (Out-of-bounds read in Windows DWM Core Library allows an
authorized at ...)
+ TODO: check
+CVE-2026-44813 (Use after free in Windows DWM Core Library allows an
authorized attack ...)
+ TODO: check
+CVE-2026-44812 (Integer overflow or wraparound in Windows Win32K - GRFX allows
an unau ...)
+ TODO: check
+CVE-2026-44811 (Use after free in Windows DWM Core Library allows an
authorized attack ...)
+ TODO: check
+CVE-2026-44810 (Improper authentication in Windows Cryptographic Services
allows an un ...)
+ TODO: check
+CVE-2026-44809 (Use after free in Windows Common Log File System Driver allows
an auth ...)
+ TODO: check
+CVE-2026-44808 (Use after free in Windows DWM Core Library allows an
authorized attack ...)
+ TODO: check
+CVE-2026-44807 (Use after free in Windows DWM Core Library allows an
authorized attack ...)
+ TODO: check
+CVE-2026-44805 (Use after free in Windows Network Controller (NC) Host Agent
allows an ...)
+ TODO: check
+CVE-2026-44804 (Use after free in Windows DWM Core Library allows an
authorized attack ...)
+ TODO: check
+CVE-2026-44803 (Integer overflow or wraparound in Windows Win32K - GRFX allows
an unau ...)
+ TODO: check
+CVE-2026-44802 (Use after free in Windows DWM Core Library allows an
authorized attack ...)
+ TODO: check
+CVE-2026-44801 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
+ TODO: check
+CVE-2026-44799 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
+ TODO: check
+CVE-2026-44275 (Dell/Alienware Purchased Apps, versions prior to 1.1.32.0,
contain an ...)
+ TODO: check
+CVE-2026-44083 (An authorization bypass through user-controlled key
vulnerability has ...)
+ TODO: check
+CVE-2026-42993 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
+ TODO: check
+CVE-2026-42992 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
+ TODO: check
+CVE-2026-42991 (Concurrent execution using shared resource with improper
synchronizati ...)
+ TODO: check
+CVE-2026-42989 (Improper link resolution before file access ('link following')
in Winl ...)
+ TODO: check
+CVE-2026-42987 (Use after free in Windows Deployment Services allows an
unauthorized a ...)
+ TODO: check
+CVE-2026-42986 (Use after free in Microsoft Graphics Component allows an
authorized at ...)
+ TODO: check
+CVE-2026-42985 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
+ TODO: check
+CVE-2026-42984 (Use after free in Windows Kernel allows an authorized attacker
to elev ...)
+ TODO: check
+CVE-2026-42983 (Use after free in Windows DWM Core Library allows an
authorized attack ...)
+ TODO: check
+CVE-2026-42981 (Integer underflow (wrap or wraparound) in Windows Performance
Monitor ...)
+ TODO: check
+CVE-2026-42980 (Integer underflow (wrap or wraparound) in Windows NT OS Kernel
allows ...)
+ TODO: check
+CVE-2026-42979 (Concurrent execution using shared resource with improper
synchronizati ...)
+ TODO: check
+CVE-2026-42978 (Concurrent execution using shared resource with improper
synchronizati ...)
+ TODO: check
+CVE-2026-42977 (Concurrent execution using shared resource with improper
synchronizati ...)
+ TODO: check
+CVE-2026-42974 (Integer underflow (wrap or wraparound) in Windows Performance
Monitor ...)
+ TODO: check
+CVE-2026-42973 (Use of uninitialized resource in Windows Push Notifications
allows an ...)
+ TODO: check
+CVE-2026-42972 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
+ TODO: check
+CVE-2026-42971 (Use of uninitialized resource in Windows Push Notifications
allows an ...)
+ TODO: check
+CVE-2026-42970 (Use of uninitialized resource in Windows Push Notifications
allows an ...)
+ TODO: check
+CVE-2026-42969 (Use of uninitialized resource in Windows Push Notifications
allows an ...)
+ TODO: check
+CVE-2026-42968 (Out-of-bounds read in Windows Telephony Service allows an
authorized a ...)
+ TODO: check
+CVE-2026-42916 (Integer underflow (wrap or wraparound) in Windows NT OS Kernel
allows ...)
+ TODO: check
+CVE-2026-42915 (Incorrect calculation of buffer size in Windows TCP/IP allows
an autho ...)
+ TODO: check
+CVE-2026-42914 (Windows Kerberos Denial of Service Vulnerability)
+ TODO: check
+CVE-2026-42913 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
+ TODO: check
+CVE-2026-42912 (Concurrent execution using shared resource with improper
synchronizati ...)
+ TODO: check
+CVE-2026-42911 (Use after free in Windows Ancillary Function Driver for
WinSock allows ...)
+ TODO: check
+CVE-2026-42910 (Out-of-bounds write in Windows Hotpatch Monitoring Service
allows an a ...)
+ TODO: check
+CVE-2026-42909 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
+ TODO: check
+CVE-2026-42908 (Out-of-bounds read in Windows RDP allows an unauthorized
attacker to d ...)
+ TODO: check
+CVE-2026-42907 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
+ TODO: check
+CVE-2026-42906 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
+ TODO: check
+CVE-2026-42905 (Use after free in Windows DWM Core Library allows an
authorized attack ...)
+ TODO: check
+CVE-2026-42904 (Heap-based buffer overflow in Windows TCP/IP allows an
unauthorized at ...)
+ TODO: check
+CVE-2026-42903 (Null pointer dereference in Windows Kerberos allows an
authorized atta ...)
+ TODO: check
+CVE-2026-42902 (Improper authorization in Microsoft PowerToys allows an
authorized att ...)
+ TODO: check
+CVE-2026-42837 (Buffer over-read in Windows Projected File System Filter
Driver allows ...)
+ TODO: check
+CVE-2026-42836 (Concurrent execution using shared resource with improper
synchronizati ...)
+ TODO: check
+CVE-2026-42835 (Improper neutralization of special elements in output used by
a downst ...)
+ TODO: check
+CVE-2026-42829 (Improper access control in Windows Administrator Protection
allows an ...)
+ TODO: check
+CVE-2026-42828 (Buffer over-read in Windows Projected File System Filter
Driver allows ...)
+ TODO: check
+CVE-2026-42599 (Svelte is a performance oriented web framework. Prior to
version 5.55. ...)
+ TODO: check
+CVE-2026-42573 (Svelte is a performance oriented web framework. Prior to
version 5.55. ...)
+ TODO: check
+CVE-2026-42570 (Svelte devalue is a JavaScript library that serializes values
into str ...)
+ TODO: check
+CVE-2026-42567 (Svelte is a performance oriented web framework. From version
5.51.5 to ...)
+ TODO: check
+CVE-2026-41986 (Logic bypass vulnerability in the file system. Impact:
Successful expl ...)
+ TODO: check
+CVE-2026-41985 (UAF vulnerability in the package management module.Impact:
Successful ...)
+ TODO: check
+CVE-2026-41984 (UAF vulnerability in the package management module.Impact:
Successful ...)
+ TODO: check
+CVE-2026-41983 (DoS vulnerability in the browser kernel.Impact: Successful
exploitatio ...)
+ TODO: check
+CVE-2026-41982 (Race condition vulnerability in the IPC module.Impact:
Successful expl ...)
+ TODO: check
+CVE-2026-41981 (Out-of-bounds write vulnerability in the IPC module.Impact:
Successful ...)
+ TODO: check
+CVE-2026-41977 (DoS vulnerability in the log service.Impact: Successful
exploitation o ...)
+ TODO: check
+CVE-2026-41976 (Permission control vulnerability in the audio
framework.Impact: Succes ...)
+ TODO: check
+CVE-2026-41974 (Permission control vulnerability in service
notifications.Impact: Succ ...)
+ TODO: check
+CVE-2026-41973 (Permission control vulnerability in calls.Impact: Successful
exploitat ...)
+ TODO: check
+CVE-2026-41972 (Path traversal vulnerability in the SMS app.Impact: Successful
exploit ...)
+ TODO: check
+CVE-2026-41116 (Dell Inventory Collector Client, versions prior to 13.8.0,
contain an ...)
+ TODO: check
+CVE-2026-41108 (Heap-based buffer overflow in Microsoft Windows DNS allows an
authoriz ...)
+ TODO: check
+CVE-2026-41098 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-41092 (Improper access control in Microsoft Kinect allows an
authorized attac ...)
+ TODO: check
+CVE-2026-41031 (A Stored Cross-Site Scripting vulnerability in Vinna Process
Monitor V ...)
+ TODO: check
+CVE-2026-40639 (Dell Client Platform BIOS contains a Weak Encoding for
Password vulner ...)
+ TODO: check
+CVE-2026-40409 (Windows Universal Disk Format File System Driver (UDFS)
Elevation of P ...)
+ TODO: check
+CVE-2026-40404 (Windows Universal Disk Format File System Driver (UDFS)
Elevation of P ...)
+ TODO: check
+CVE-2026-40376 (Improper input validation in Visual Studio Code allows an
unauthorized ...)
+ TODO: check
+CVE-2026-40371 (Improper handling of insufficient permissions or privileges in
Microso ...)
+ TODO: check
+CVE-2026-3088 (Unauthenticated users on the local network can cause the router
to bec ...)
+ TODO: check
+CVE-2026-39170 (SemCms 5.0 is vulnerable to Cross Site Request Forgery (CSRF)
via craf ...)
+ TODO: check
+CVE-2026-39169 (SEMCMS 5.0 is vulnerable to unauthorized access in
SEMCMS_copy.php.)
+ TODO: check
+CVE-2026-38615 (DedeCMS V5.7.118 is vulnerable to Command Execution in
file_manage_con ...)
+ TODO: check
+CVE-2026-36823 (Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was
discovere ...)
+ TODO: check
+CVE-2026-36822 (Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was
discovere ...)
+ TODO: check
+CVE-2026-36821 (Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was
discovere ...)
+ TODO: check
+CVE-2026-36820 (Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was
discovere ...)
+ TODO: check
+CVE-2026-36819 (Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was
discovere ...)
+ TODO: check
+CVE-2026-36818 (Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was
discovere ...)
+ TODO: check
+CVE-2026-36817 (Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was
discover ...)
+ TODO: check
+CVE-2026-36816 (Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was
discover ...)
+ TODO: check
+CVE-2026-36815 (Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was
discover ...)
+ TODO: check
+CVE-2026-36813 (Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was
discover ...)
+ TODO: check
+CVE-2026-36811 (Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was
discover ...)
+ TODO: check
+CVE-2026-36810 (Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was
discover ...)
+ TODO: check
+CVE-2026-36809 (Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was
discover ...)
+ TODO: check
+CVE-2026-36808 (Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was
discover ...)
+ TODO: check
+CVE-2026-36807 (Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was
discover ...)
+ TODO: check
+CVE-2026-36806 (Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was
discover ...)
+ TODO: check
+CVE-2026-36805 (Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was
discovered ...)
+ TODO: check
+CVE-2026-36803 (Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was
discovered ...)
+ TODO: check
+CVE-2026-36802 (Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was
discovered ...)
+ TODO: check
+CVE-2026-36801 (Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was
discovered ...)
+ TODO: check
+CVE-2026-36800 (Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was
discovered ...)
+ TODO: check
+CVE-2026-36799 (Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was
discovered ...)
+ TODO: check
+CVE-2026-36798 (Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was
discovered ...)
+ TODO: check
+CVE-2026-36797 (Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was
discovered ...)
+ TODO: check
+CVE-2026-36796 (Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was
discovered ...)
+ TODO: check
+CVE-2026-36794 (Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router
v1.0.0.3(2 ...)
+ TODO: check
+CVE-2026-36793 (Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router
v1.0.0.3(2 ...)
+ TODO: check
+CVE-2026-36792 (Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router
v1.0.0.3(2 ...)
+ TODO: check
+CVE-2026-36791 (Shenzhen Tenda Technology Co., Ltd Tenda O3v3 v1.0.0.5 was
discovered ...)
+ TODO: check
+CVE-2026-36784 (Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router
v1.0.0.5(4 ...)
+ TODO: check
+CVE-2026-36783 (Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router
v1.0.0.5(4 ...)
+ TODO: check
+CVE-2026-36779 (Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router
v1.0.0.5(4 ...)
+ TODO: check
+CVE-2026-36778 (Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router
v1.0.0.5(4 ...)
+ TODO: check
+CVE-2026-36777 (Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router
v1.0.0.3(2 ...)
+ TODO: check
+CVE-2026-36773 (Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router
v1.0.0.3(2 ...)
+ TODO: check
+CVE-2026-36772 (Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router
v1.0.0.3(2 ...)
+ TODO: check
+CVE-2026-36771 (Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router
v1.0.0.3(2 ...)
+ TODO: check
+CVE-2026-36770 (Shenzhen Tenda Technology Co., Ltd Tenda US_W3V1.0BR v1.0.0.3
was disc ...)
+ TODO: check
+CVE-2026-36728 (A markdown based cross-site scripting (XSS) vulnerability in
the AI as ...)
+ TODO: check
+CVE-2026-36727 (An insecure authentication vulnerability in the
/api/social-sign-in en ...)
+ TODO: check
+CVE-2026-36726 (An arbitrary file deletion vulnerability in the
/api/delete-temp-licen ...)
+ TODO: check
+CVE-2026-36725 (A markdown based cross-site scripting (XSS) vulnerability in
the /syst ...)
+ TODO: check
+CVE-2026-36724 (An uncaught exception in the /application/job/update/{id}
endpoint of ...)
+ TODO: check
+CVE-2026-36723 (An unrestricted file rename vulnerability in the
/api/create-user comp ...)
+ TODO: check
+CVE-2026-36722 (An authenticated arbitrary file upload vulnerability in the
/api/creat ...)
+ TODO: check
+CVE-2026-36721 (A lack of cryptographic signature verification in the
validateAccessTo ...)
+ TODO: check
+CVE-2026-36720 (Insecure permissions in bookcars v8.3 allows authenticated
attackers t ...)
+ TODO: check
+CVE-2026-36719 (An information disclosure vulnerability in the
/api/v1/user/info endpo ...)
+ TODO: check
+CVE-2026-34905 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2026-34708 (InCopy versions 21.3, 20.5.3 and earlier are affected by a
Stack-based ...)
+ TODO: check
+CVE-2026-34707 (InCopy versions 21.3, 20.5.3 and earlier are affected by a
Heap-based ...)
+ TODO: check
+CVE-2026-34706 (InCopy versions 21.3, 20.5.3 and earlier are affected by an
out-of-bou ...)
+ TODO: check
+CVE-2026-34705 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by an ...)
+ TODO: check
+CVE-2026-34704 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by a N ...)
+ TODO: check
+CVE-2026-34703 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by a N ...)
+ TODO: check
+CVE-2026-34702 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by a S ...)
+ TODO: check
+CVE-2026-34701 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by a H ...)
+ TODO: check
+CVE-2026-34700 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by an ...)
+ TODO: check
+CVE-2026-34699 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by a H ...)
+ TODO: check
+CVE-2026-34698 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by a H ...)
+ TODO: check
+CVE-2026-34697 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by a S ...)
+ TODO: check
+CVE-2026-34696 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by a U ...)
+ TODO: check
+CVE-2026-34695 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by a S ...)
+ TODO: check
+CVE-2026-34694 (Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0
and earl ...)
+ TODO: check
+CVE-2026-34693 (Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0
and earl ...)
+ TODO: check
+CVE-2026-34692 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
+ TODO: check
+CVE-2026-34691 (Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0
and earl ...)
+ TODO: check
+CVE-2026-34335 (Use after free in Windows Ancillary Function Driver for
WinSock allows ...)
+ TODO: check
+CVE-2026-34033 (Improper Neutralization of Script-Related HTML Tags in a Web
Page (Bas ...)
+ TODO: check
+CVE-2026-34031 (Unrestricted Upload of File with Dangerous Type vulnerability
in Apach ...)
+ TODO: check
+CVE-2026-33828 (Trust boundary violation in Windows Attestation allows an
authorized a ...)
+ TODO: check
+CVE-2026-33582 (Unrestricted Upload of File with Dangerous Type vulnerability
in Apach ...)
+ TODO: check
+CVE-2026-33113 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-32193 (Improper limitation of a pathname to a restricted directory
('path tra ...)
+ TODO: check
+CVE-2026-30141 (An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A
buffer overf ...)
+ TODO: check
+CVE-2026-2638 (A vulnerability in the quarantine and restore workflow of the
X-VPN ma ...)
+ TODO: check
+CVE-2026-28301 (A vulnerability in which an attacker can provide a crafted
external UR ...)
+ TODO: check
+CVE-2026-28262 (Dell iDRAC Tools, versions prior to 11.4.1.0, contains an
Improper Lin ...)
+ TODO: check
+CVE-2026-28237 (Unrestricted resource allocation in AMD uProf may be
exploitable to co ...)
+ TODO: check
+CVE-2026-26142 (Deserialization of untrusted data in Nuance PowerScribe allows
an unau ...)
+ TODO: check
+CVE-2026-25699 (Exposure of Private Personal Information to an Unauthorized
Actor vuln ...)
+ TODO: check
+CVE-2026-25688 (Improper Neutralization of Alternate XSS Syntax vulnerability
in Apach ...)
+ TODO: check
+CVE-2026-25089 (A improper neutralization of special elements used in an os
command (' ...)
+ TODO: check
+CVE-2026-24349 (A vulnerability has been identified in SIMATIC WinCC Unified
PC Runtim ...)
+ TODO: check
+CVE-2026-24181 (NVIDIA DALI contains a vulnerability in a component where an
attacker ...)
+ TODO: check
+CVE-2026-24180 (NVIDIA DALI contains a vulnerability in a component where an
attacker ...)
+ TODO: check
+CVE-2026-24065 (Waves Central for macOS versions 13.0.9 through 16.5.5 contain
a local ...)
+ TODO: check
+CVE-2026-24064 (Waves Central for macOS versions 13.0.9 through 16.5.5 contain
a local ...)
+ TODO: check
+CVE-2026-22926 (Omnissa Workspace ONE\xae Assist for macOS contains a Local
Privilege ...)
+ TODO: check
+CVE-2026-11793 (A stack buffer overflow flaw was found in 389 Directory
Server. The ch ...)
+ TODO: check
+CVE-2026-11792 (A heap buffer overflow flaw was found in 389 Directory Server.
When au ...)
+ TODO: check
+CVE-2026-11790 (A flaw was found in 389 Directory Server. The PBKDF2-SHA256
password s ...)
+ TODO: check
+CVE-2026-11789 (A flaw was found in 389 Directory Server. The SMD5 password
storage pl ...)
+ TODO: check
+CVE-2026-11788 (A flaw was found in 389 Directory Server. The dereference
control plug ...)
+ TODO: check
+CVE-2026-11787 (A flaw was found in 389 Directory Server. The ldap_utf8prev()
function ...)
+ TODO: check
+CVE-2026-11786 (A flaw was found in 389 Directory Server. The LDIF parser
reads past t ...)
+ TODO: check
+CVE-2026-11785 (A flaw was found in 389 Directory Server. A type confusion in
the SSO ...)
+ TODO: check
+CVE-2026-11764 (When creating an export of all reusable media, the secrets of
connecte ...)
+ TODO: check
+CVE-2026-11616 (The Events Calendar for GeoDirectory plugin for WordPress is
vulnerabl ...)
+ TODO: check
+CVE-2026-11607 (Backend users with access to the Form Framework were able to
use files ...)
+ TODO: check
+CVE-2026-10731 (SQL injection in the \u2018two_steps_auth_code\u2019 parameter
process ...)
+ TODO: check
+CVE-2026-10727 (An OS command injection vulnerability in Ivanti EPMM
before12.9.0.1, 1 ...)
+ TODO: check
+CVE-2026-10523 (An Authentication Bypass vulnerability (CWE-288)in
IvantiSentry before ...)
+ TODO: check
+CVE-2026-10520 (An OS Command Injection vulnerabilityin IvantiSentry
beforetheR10.5.2, ...)
+ TODO: check
+CVE-2026-10045 (Shenzhen Kangda Xin Intelligent Network Technology Company's
router, m ...)
+ TODO: check
+CVE-2026-0466 (Improper access control in AMD uProf may allow a local attacker
with u ...)
+ TODO: check
+CVE-2026-0420 (An improper implementation of TLS certificate validation
vulnerability ...)
+ TODO: check
+CVE-2026-0419 (Insufficient input validation in NETGEAR JR6150 (AC750 WiFi
Router 802 ...)
+ TODO: check
+CVE-2026-0418 (Insufficient configuration management in the listed
devicesallows auth ...)
+ TODO: check
+CVE-2026-0417 (Insufficient input validation vulnerability in
NETGEARdevicesallows au ...)
+ TODO: check
+CVE-2026-0416 (Authenticated administrators connected to the local network can
modify ...)
+ TODO: check
+CVE-2026-0415 (Insufficient input validation vulnerability in thelisted
NETGEAR model ...)
+ TODO: check
+CVE-2026-0414 (Insufficient input validation vulnerability in thelisted
NETGEAR model ...)
+ TODO: check
+CVE-2026-0413 (Insufficient input validation of buffers vulnerability in
thelisted NE ...)
+ TODO: check
+CVE-2026-0412 (Insufficient input validation vulnerability in NETGEAR JR6150
(AC750 W ...)
+ TODO: check
+CVE-2026-0411 (An information disclosure vulnerability in theNETGEAROrbi
satellites c ...)
+ TODO: check
+CVE-2026-0410 (Authenticated administrators connected to the local network can
gain ...)
+ TODO: check
+CVE-2026-0409 (ANETGEARsecurity issue that could allow an attacker with
ability to in ...)
+ TODO: check
+CVE-2025-67862 (An Internal Asset Exposed to Unsafe Debug Access Level or
State vulner ...)
+ TODO: check
+CVE-2025-62858 (A buffer overflow vulnerability has been reported to affect
several QN ...)
+ TODO: check
+CVE-2025-55659 (A NULL pointer dereference in the ctts_box_write function
(isomedia/bo ...)
+ TODO: check
+CVE-2025-55658 (GPAC MP4Box v2.4 was discovered to contain a floating point
exception ...)
+ TODO: check
+CVE-2025-55657 (A NULL pointer dereference in the gf_odf_vvc_cfg_write_bs
function (od ...)
+ TODO: check
+CVE-2025-55651 (A NULL pointer dereference in the gf_isom_get_user_data_count
function ...)
+ TODO: check
+CVE-2025-54509 (Improper access control for register interface in the
input-output mem ...)
+ TODO: check
+CVE-2025-52293 (A segmentation violaton in the gf_hevc_read_sps_bs_internal
function ( ...)
+ TODO: check
+CVE-2025-52292 (A stack buffer overflow in the filein_process function
(in_file.c) of ...)
+ TODO: check
+CVE-2025-40808 (A vulnerability has been identified in SIPROTEC 5 6MD84
(CP300) (All v ...)
+ TODO: check
+CVE-2023-43688 (An issue was discovered in Malwarebytes 4.x and 5.x (and
Nebula 2020-1 ...)
+ TODO: check
+CVE-2023-43686 (An issue was discovered in Malwarebytes 4.x and 5.x (and
Nebula 2020-1 ...)
+ TODO: check
+CVE-2017-20251 (WordPress Insert PHP plugin versions before 3.3.1 contain a
PHP code i ...)
+ TODO: check
+CVE-2017-20250 (Mac Photo Gallery 3.0 contains a path traversal vulnerability
that all ...)
+ TODO: check
+CVE-2017-20249 (Apptha Slider Gallery 1.0 contains an SQL injection
vulnerability that ...)
+ TODO: check
+CVE-2017-20248 (Apptha Slider Gallery 1.0 contains a path traversal
vulnerability that ...)
+ TODO: check
+CVE-2017-20247 (WordPress Plugin PICA Photo Gallery 1.0 contains an SQL
injection vuln ...)
+ TODO: check
+CVE-2017-20246 (KittyCatfish 2.2 plugin for WordPress contains an SQL
injection vulner ...)
+ TODO: check
+CVE-2017-20245 (Wow Viral Signups 2.1 WordPress plugin contains an SQL
injection vulne ...)
+ TODO: check
+CVE-2017-20244 (Wow Forms WordPress Plugin version 2.1 contains an SQL
injection vulne ...)
+ TODO: check
+CVE-2017-20243 (WordPress Car Park Booking Plugin version 13 October 17
contains a tim ...)
+ TODO: check
+CVE-2016-20065 (Product Catalog 8 1.2 plugin for WordPress contains an SQL
injection v ...)
+ TODO: check
+CVE-2016-20064 (WP Vault 0.8.6.6 contains a local file inclusion vulnerability
that al ...)
+ TODO: check
+CVE-2016-20063 (Single Personal Message 1.0.3 contains an SQL injection
vulnerability ...)
+ TODO: check
+CVE-2016-20062 (Simply Poll 1.4.1 plugin for WordPress contains an SQL
injection vulne ...)
+ TODO: check
+CVE-2026-45446 (Issue summary: The implementations of AES-SIV (RFC 5297) and
AES-GCM-S ...)
- openssl <unfixed>
NOTE: https://openssl-library.org/news/secadv/20260609.txt
-CVE-2026-42771 [Possible Out of Bounds Read in X509_VERIFY_PARAM_set1_email()]
+CVE-2026-42771 (Issue summary: When the X509_VERIFY_PARAM_set1_email is called
by an a ...)
- openssl <not-affected> (Vulnerable code not present)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
-CVE-2026-42770 [FFC-DH Peer Validation Uses Attacker-Supplied q]
+CVE-2026-42770 (Issue summary: When EVP_PKEY_derive_set_peer() is called with
a DHX (X ...)
- openssl <unfixed>
NOTE: https://openssl-library.org/news/secadv/20260609.txt
-CVE-2026-42769 [Trust-Anchor Substitution via cert/issuer Typo in CMP
rootCaKeyUpdate]
+CVE-2026-42769 (Issue Summary: An error in the callback used to verify the
certificate ...)
- openssl <unfixed>
[bookworm] - openssl <not-affected> (Vulnerable code not present)
[bullseye] - openssl <not-affected> (Vulnerable code not present)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
-CVE-2026-42768 [Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and
PKCS7_decrypt()]
+CVE-2026-42768 (Issue summary: The CMS_decrypt and PKCS7_decrypt functions are
vulnera ...)
- openssl <unfixed>
[bookworm] - openssl <not-affected> (Vulnerable code not present)
[bullseye] - openssl <not-affected> (Vulnerable code not present)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
-CVE-2026-42767 [NULL Pointer Dereference in CRMF EncryptedValue Decryption]
+CVE-2026-42767 (Issue summary: An attacker-controlled CMP (Certificate
Management Prot ...)
- openssl <unfixed>
[bookworm] - openssl <no-dsa> (Minor issue; can be fixed in next update)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
-CVE-2026-42766 [Possible NULL Dereference in Password-Based CMS Decryption]
+CVE-2026-42766 (Issue summary: A specially crafted password-encrypted CMS
message can ...)
- openssl <unfixed>
NOTE: https://openssl-library.org/news/secadv/20260609.txt
-CVE-2026-42765 [NULL Dereference in Certificate Verification with OCSP
Checking]
+CVE-2026-42765 (Issue summary: When a partial-chain certificate verification
is enable ...)
- openssl <unfixed>
[trixie] - openssl <not-affected> (Vulnerable code not present)
[bookworm] - openssl <not-affected> (Vulnerable code not present)
[bullseye] - openssl <not-affected> (Vulnerable code not present)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
-CVE-2026-34181 [PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys]
+CVE-2026-34181 (Issue Summary: The PKCS#12 file processing fails to perform
sufficient ...)
- openssl <unfixed>
[bookworm] - openssl <not-affected> (Vulnerable code not present)
[bullseye] - openssl <not-affected> (Vulnerable code not present)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
-CVE-2026-34180 [Heap Buffer Over-read in ASN.1 Content Parsing]
+CVE-2026-34180 (Issue summary: Parsing a crafted DER-encoded ASN.1 structure
with a pr ...)
- openssl <unfixed>
NOTE: https://openssl-library.org/news/secadv/20260609.txt
-CVE-2026-9076 [Out-of-Bounds Read in CMS Password-Based Decryption]
+CVE-2026-9076 (Issue summary: When CMS password-based decryption (RFC 3211 /
PWRI key ...)
- openssl <unfixed>
NOTE: https://openssl-library.org/news/secadv/20260609.txt
-CVE-2026-7383 [Possible Heap Buffer Overflow in ASN.1 Multibyte String
Conversion]
+CVE-2026-7383 (Issue summary: A signed integer overflow when sizing the
destination b ...)
- openssl <unfixed>
NOTE: https://openssl-library.org/news/secadv/20260609.txt
-CVE-2026-45445 [AES-OCB IV Ignored on EVP_Cipher() Path]
+CVE-2026-45445 (Issue summary: When an application drives an AES-OCB context
through t ...)
- openssl <unfixed>
NOTE: https://openssl-library.org/news/secadv/20260609.txt
-CVE-2026-42764 [NULL Pointer Dereference in QUIC Server Initial Packet
Handling]
+CVE-2026-42764 (Issue summary: Receiving a QUIC initial packet with an invalid
token m ...)
- openssl <unfixed>
[bookworm] - openssl <not-affected> (Vulnerable code not present)
[bullseye] - openssl <not-affected> (Vulnerable code not present)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
-CVE-2026-35188 [Double-free When Checking OCSP Stapled Response]
+CVE-2026-35188 (Issue summary: A malicious server can exploit TLS OCSP
stapling by del ...)
- openssl <unfixed>
[trixie] - openssl <not-affected> (Vulnerable code not present)
[bookworm] - openssl <not-affected> (Vulnerable code not present)
[bullseye] - openssl <not-affected> (Vulnerable code not present)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
-CVE-2026-34183 [Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler]
+CVE-2026-34183 (Issue summary: Remote peer may exhaust heap memory of the QUIC
server ...)
- openssl <unfixed>
[bookworm] - openssl <not-affected> (Vulnerable code not present)
[bullseye] - openssl <not-affected> (Vulnerable code not present)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
-CVE-2026-34182 [CMS AuthEnvelopedData Processing May Accept Forged Messages]
+CVE-2026-34182 (Issue Summary: Cryptographic Message Services (CMS) processing
fails t ...)
- openssl <unfixed>
NOTE: https://openssl-library.org/news/secadv/20260609.txt
-CVE-2026-45447 [Heap Use-After-Free in the PKCS7_verify() Function]
+CVE-2026-45447 (Issue summary: A specially crafted PKCS#7 or S/MIME signed
message cou ...)
- openssl <unfixed>
NOTE: https://openssl-library.org/news/secadv/20260609.txt
CVE-2026-42488
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-494.html
-CVE-2025-10263
+CVE-2025-10263 (Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2,
Neoverse V1 ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-493.html
CVE-2026-42490
@@ -84,112 +1034,112 @@ CVE-2026-42489
CVE-2026-42487
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-491.html
-CVE-2026-52907 [media: rockchip: rkcif: fix off by one bugs]
+CVE-2026-52907 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 7.0.4-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/e4056b84af0fc18c84b4e5741df04ecd8ca17973 (7.1-rc1)
-CVE-2026-52906 [9p: fix access mode flags being ORed instead of replaced]
+CVE-2026-52906 (In the Linux kernel, the following vulnerability has been
resolved: 9 ...)
- linux 7.0.4-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/da2346a48a5a1fed86c3fe3d73c0b60e7b3027c9 (7.1-rc1)
-CVE-2026-52905 [mm/damon/core: disallow non-power of two min_region_sz on
damon_start()]
+CVE-2026-52905 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 7.0.4-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/95093e5cb4c5b50a5b1a4b79f2942b62744bd66a (7.1-rc1)
-CVE-2026-52904 [drm/nouveau: fix nvkm_device leak on aperture removal failure]
+CVE-2026-52904 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 7.0.4-1
[trixie] - linux 6.12.86-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/6597ff1d8de3f583be169587efeafd8af134e138 (7.1-rc1)
-CVE-2026-46332 [greybus: gb-beagleplay: bound bootloader receive buffering]
+CVE-2026-46332 (In the Linux kernel, the following vulnerability has been
resolved: g ...)
- linux 7.0.4-1
[trixie] - linux 6.12.86-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/1214bf28965ceaf584fb20d357731264dd2e10e1 (7.1-rc1)
-CVE-2026-46329 [erofs: handle end of filesystem properly for file-backed
mounts]
+CVE-2026-46329 (In the Linux kernel, the following vulnerability has been
resolved: e ...)
- linux 6.18.14-1
[trixie] - linux 6.12.85-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/bc804a8d7e865ef47fb7edcaf5e77d18bf444ebc (7.0-rc1)
-CVE-2026-46328 [apparmor: fix rlimit for posix cpu timers]
+CVE-2026-46328 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
- linux 6.18.14-1
[trixie] - linux 6.12.85-1
[bookworm] - linux 6.1.170-1
[bullseye] - linux 5.10.257-1
NOTE:
https://git.kernel.org/linus/6ca56813f4a589f536adceb42882855d91fb1125 (7.0-rc1)
-CVE-2026-46327 [dm: fix unlocked test for dm_suspended_md]
+CVE-2026-46327 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.18.14-1
[trixie] - linux 6.12.85-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/24c405fdbe215c45e57bba672cc42859038491ee (7.0-rc1)
-CVE-2026-46326 [iio: pressure: mprls0025pa: fix spi_transfer struct
initialisation]
+CVE-2026-46326 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 6.18.14-1
[trixie] - linux 6.12.85-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/1e0ac56c92e26115cbc8cfc639843725cb3a7d6a (7.0-rc1)
-CVE-2026-46330 [Revert "net/smc: Introduce TCP ULP support"]
+CVE-2026-46330 (In the Linux kernel, the following vulnerability has been
resolved: R ...)
- linux 6.19.6-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/df31a6b0a3057e66994ad6ccf5d95b9b9514f033 (7.0-rc1)
-CVE-2026-46325 [RDMA/rxe: Fix iova-to-va conversion for MR page sizes !=
PAGE_SIZE]
+CVE-2026-46325 (In the Linux kernel, the following vulnerability has been
resolved: R ...)
- linux 6.18.14-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/12985e5915a0b8354796efadaaeb201eed115377 (7.0-rc1)
-CVE-2026-46324 [netfilter: nf_tables: use list_del_rcu for netlink hooks]
+CVE-2026-46324 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 7.0.10-1
NOTE:
https://git.kernel.org/linus/f3224ee463f8f6f6ced7dcdf6081add4f8128527 (7.1-rc2)
-CVE-2026-46323 [net: gro: don't merge zcopy skbs]
+CVE-2026-46323 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/4db79a322db8c97f7b73b8a347395ef4d685eb40 (7.1-rc5)
-CVE-2026-46322 [tun: free page on build_skb failure in tun_xdp_one()]
+CVE-2026-46322 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/aa8963fdce667a42fb7f0bdd2909fadcab02f9a8 (7.1-rc6)
-CVE-2026-46321 [tun: free page on short-frame rejection in tun_xdp_one()]
+CVE-2026-46321 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/f4feb1e20058e407cb00f45aff47f5b7e19a6bbf (7.1-rc6)
-CVE-2026-46320 [tap: free page on error paths in tap_get_user_xdp()]
+CVE-2026-46320 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/3bcf7aec6a9d16438f2cec29f5d7c8d5b8edf9b2 (7.1-rc6)
-CVE-2026-46319 [net/sched: act_ct: Only release RCU read lock after ct_ft]
+CVE-2026-46319 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 7.0.10-1
NOTE:
https://git.kernel.org/linus/f462dca0c8415bf0058d0ffa476354c4476d0f09 (7.1-rc1)
-CVE-2026-46318 [Revert "mm/hugetlbfs: update hugetlbfs to use mmap_prepare"]
+CVE-2026-46318 (In the Linux kernel, the following vulnerability has been
resolved: R ...)
- linux <unfixed>
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/83f9efcce93f8574be2279090ee2aec58b86cda7 (7.1-rc6)
-CVE-2026-46317 [KVM: arm64: Reassign nested_mmus array behind mmu_lock]
+CVE-2026-46317 (In the Linux kernel, the following vulnerability has been
resolved: K ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/70543358fa08e0f7cebc3447c3b70fe97ad7aaa8 (7.1-rc7)
-CVE-2026-46316 [KVM: arm64: vgic-its: Drop the translation cache reference
only for the erased entry]
+CVE-2026-46316 (In the Linux kernel, the following vulnerability has been
resolved: K ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/13031fb6b8357fbbcded2a7f4cba73e4781ee594 (7.1-rc7)
-CVE-2026-46315 [io_uring/waitid: clear waitid info before copying it to
userspace]
+CVE-2026-46315 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/93d93f5f8da791e98159795c6ef683f45bd95d13 (7.1-rc5)
-CVE-2026-49818
+CVE-2026-49818 (The Apache Airflow Samba provider's `GCSToSambaOperator`
joined GCS ob ...)
NOT-FOR-US: Airflow provider
-CVE-2009-10007
+CVE-2009-10007 (Catalyst::Plugin::Authentication versions before 0.10_027 for
Perl is ...)
- libcatalyst-plugin-authentication-perl <unfixed>
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40832427/
NOTE: Fixed by:
https://github.com/perl-catalyst/Catalyst-Plugin-Authentication/commit/b1385ea87a2491b64f33169222af19982d0acce3
(v0.10_027)
@@ -1416,7 +2366,7 @@ CVE-2026-25620 (An encrypted password command injection
vulnerability exists in
NOT-FOR-US: Arista Networks
CVE-2026-11431 (A path traversal vulnerability exists in the Projects Service
download ...)
NOT-FOR-US: Altium
-CVE-2026-11429 (A path traversal vulnerability exists in the Git Service
component sha ...)
+CVE-2026-11429 (Two endpoints in the Vault Service ScriptsController, shared
by Altium ...)
NOT-FOR-US: Altium
CVE-2026-11424 (A server-side request forgery (SSRF) vulnerability exists in a
GraphQL ...)
NOT-FOR-US: Altium
@@ -3387,7 +4337,7 @@ CVE-2026-11309 (Insufficient policy enforcement in
History in Google Chrome prio
{DSA-6325-1}
- chromium 149.0.7827.53-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-9698
+CVE-2026-9698 (DBI versions before 1.648 for Perl saved errors in a
limited-sized buf ...)
- libdbi-perl 1.648-1
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40831067/
NOTE: Fixed by:
https://github.com/perl5-dbi/dbi/commit/bfe5d73c162d2d1f761a639a0aa33aad6a9eb54e
(1.648)
@@ -4612,7 +5562,7 @@ CVE-2026-42504 (Decoding a maliciously-crafted MIME
header containing many inval
NOTE: https://github.com/golang/go/issues/79217
NOTE:
https://github.com/golang/go/commit/7f24db453a60faf6a3546d60bb02917a0a7aace0
(go1.26.4)
NOTE:
https://github.com/golang/go/commit/b79e0339290e14b3b2de1dc4942b8a88701ddb02
(go1.25.11)
-CVE-2026-10725 (Protocol::HTTP2 versions through 1.12 for Perl is vulnerable
to a HTTP ...)
+CVE-2026-10725 (Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to
a HTTP/ ...)
- libprotocol-http2-perl 1.12-2
[trixie] - libprotocol-http2-perl <no-dsa> (Minor issue)
[bookworm] - libprotocol-http2-perl <no-dsa> (Minor issue)
@@ -18570,7 +19520,7 @@ CVE-2026-35438 (Missing authorization in Windows Admin
Center allows an authoriz
NOT-FOR-US: Microsoft
CVE-2026-35436 (Use after free in Microsoft Office allows an authorized
attacker to el ...)
NOT-FOR-US: Microsoft
-CVE-2026-35433 (Improper input validation in .NET allows an unauthorized
attacker to e ...)
+CVE-2026-35433 (Heap-based buffer overflow in .NET allows an unauthorized
attacker to ...)
NOT-FOR-US: Microsoft
CVE-2026-35429 (User interface (ui) misrepresentation of critical information
in Micro ...)
NOT-FOR-US: Microsoft
@@ -22250,7 +23200,7 @@ CVE-2026-7414 (Yarbo firmware v2.3.9 contains hardcoded
administrative credentia
NOT-FOR-US: Yarbo
CVE-2026-7413 (A hidden, persistent backdoor was found in Yarbo firmware
v2.3.9 that ...)
NOT-FOR-US: Yarbo
-CVE-2026-6973 (An Improper Input Validation in Ivanti EPMMbeforeversions
12.6.1.1, 12 ...)
+CVE-2026-6973 (A configuration control vulnerability
intheIvantiEndpointManagerMobile ...)
NOT-FOR-US: Ivanti
CVE-2026-6805 (Vulnerability on the external sharing feature in Cryptobox
allows an a ...)
NOT-FOR-US: Cryptobox
@@ -63744,7 +64694,8 @@ CVE-2026-26958 (filippo.io/edwards25519 is a Go library
implementing the edwards
[bookworm] - golang-filippo-edwards25519 <no-dsa> (Minor issue;
MultiScalarMult is a rarely used advanced API)
NOTE:
https://github.com/FiloSottile/edwards25519/security/advisories/GHSA-fw7p-63qq-7hpr
NOTE: Fixed by:
https://github.com/FiloSottile/edwards25519/commit/d1c650afb95fad0742b98d95f2eb2cf031393abb
(v1.1.1)
-CVE-2026-26957 (Libredesk is a self-hosted customer support desk application.
Versions ...)
+CVE-2026-26957
+ REJECTED
NOT-FOR-US: Libredesk
CVE-2026-26953 (Pi-hole Admin Interface is a web interface for managing
Pi-hole, a net ...)
NOT-FOR-US: Pi-Hole
@@ -113439,7 +114390,7 @@ CVE-2025-33177 (NVIDIA Jetson Linux and IGX OS
contain a vulnerability in NvMap,
NOT-FOR-US: NVIDIA
CVE-2025-33044 (APTIOV contains a vulnerability in BIOS where an attacker may
cause an ...)
NOT-FOR-US: AMI
-CVE-2025-31514 (An Insertion of Sensitive Information into Log File
vulnerability [CWE ...)
+CVE-2025-31514 (A insertion of sensitive information into log file
vulnerability in Fo ...)
NOT-FOR-US: Fortinet
CVE-2025-31366 (An Improper Neutralization of Input During Web Page Generation
vulnera ...)
NOT-FOR-US: Fortinet
@@ -352469,8 +353420,8 @@ CVE-2023-29148
RESERVED
CVE-2023-29147 (In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass
the det ...)
NOT-FOR-US: Malwarebytes EDR
-CVE-2023-29146
- RESERVED
+CVE-2023-29146 (The utility functions used by Malwarebytes EDR 1.0.11 on Linux
for cal ...)
+ TODO: check
CVE-2023-29145 (The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly
ensure w ...)
NOT-FOR-US: Malwarebytes EDR
CVE-2023-29144 (Malwarebytes 1.0.14 for Linux doesn't properly compute
signatures in s ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2e6980e0f8ae152e6f544bfecf1780e06127d58
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2e6980e0f8ae152e6f544bfecf1780e06127d58
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
