Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c3289cfe by security tracker role at 2026-06-11T19:13:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,377 @@
-CVE-2026-10143
+CVE-2026-9694 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2026-9648 (The crypton-x509-validation Haskell library fails to enforce 
X.509 Nam ...)
+       TODO: check
+CVE-2026-9204 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2026-8589 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
+       TODO: check
+CVE-2026-8464 (Golem OEE MES is vulnerable to an unauthenticated path 
traversal flaw. ...)
+       TODO: check
+CVE-2026-8406 (openSIS Classic 9.3 contains an insecure direct object 
reference vulne ...)
+       TODO: check
+CVE-2026-7870 (IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain 
elevated privi ...)
+       TODO: check
+CVE-2026-7852 (Unrestricted upload of file with dangerous type vulnerability 
in Limat ...)
+       TODO: check
+CVE-2026-7787 (IBM Langflow OSS 1.0.0 through 1.9.1 could allow an 
authenticated user ...)
+       TODO: check
+CVE-2026-7250 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2026-6976 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2026-6552 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
+       TODO: check
+CVE-2026-6338 (A HTTP request smuggling and desynchronization vulnerability 
affects K ...)
+       TODO: check
+CVE-2026-6277 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
+       TODO: check
+CVE-2026-6269 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2026-5497 (vLLM versions 0.8.0 and later are vulnerable to an 
Out-of-Memory (OOM) ...)
+       TODO: check
+CVE-2026-53912 (Cerebrate before version 1.37 exposed credential material from 
self-re ...)
+       TODO: check
+CVE-2026-53911 (Cerebrate before version 1.37 allowed the id primary key field 
to be s ...)
+       TODO: check
+CVE-2026-53901 (Cerebrate before version 1.37 contains a mass-assignment 
vulnerability ...)
+       TODO: check
+CVE-2026-53777 (Perry before 0.5.1159 contains a path traversal vulnerability 
that all ...)
+       TODO: check
+CVE-2026-53742 (Simple Link Directory through 9.0.4 echoes embed shortcode 
attributes  ...)
+       TODO: check
+CVE-2026-53741 (Simple Link Directory through 9.0.4 interpolates the 
sld_no_results_fo ...)
+       TODO: check
+CVE-2026-53740 (Yoast Duplicate Post through 4.6 inserts an unescaped post 
title and p ...)
+       TODO: check
+CVE-2026-53739 (Yoast Duplicate Post through 4.6 contains a cross-site request 
forgery ...)
+       TODO: check
+CVE-2026-53738 (Copy & Delete Posts through 1.5.4 lets any plugin-enabled 
non-admin ro ...)
+       TODO: check
+CVE-2026-53737 (Juicer through 1.12.18 fails to escape remote feed API 
response fields ...)
+       TODO: check
+CVE-2026-53736 (Easy Twitter Feeds before 1.2.13 contains a cross-site request 
forgery ...)
+       TODO: check
+CVE-2026-53723 (Guzzle Services provides an implementation of the Guzzle 
Command libra ...)
+       TODO: check
+CVE-2026-53702 (A stack buffer overflow flaw was found in the GStreamer H.265 
codec pa ...)
+       TODO: check
+CVE-2026-53701 (An out-of-bounds write vulnerability was found in GStreamer's 
H.266/VV ...)
+       TODO: check
+CVE-2026-53661 (Boruta is a standalone authorization server that aims to 
implement OAu ...)
+       TODO: check
+CVE-2026-53634 (Sharp is a content management framework built for Laravel as a 
package ...)
+       TODO: check
+CVE-2026-53465 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-53464 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-53463 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-53462 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-53461 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-53460 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-53423 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
+       TODO: check
+CVE-2026-52860 (Vim is an open source, command line text editor. Prior to 
version 9.2. ...)
+       TODO: check
+CVE-2026-52859 (Vim is an open source, command line text editor. Prior to 
version 9.2. ...)
+       TODO: check
+CVE-2026-52858 (Vim is an open source, command line text editor. Prior to 
version 9.2. ...)
+       TODO: check
+CVE-2026-52726 (Dulwich is a pure-Python implementation of the Git file 
formats and pr ...)
+       TODO: check
+CVE-2026-50223 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
+CVE-2026-50131 (Fedify is a TypeScript library for building federated server 
apps powe ...)
+       TODO: check
+CVE-2026-50127 (Weblate is a web based localization tool. From version 5.15 to 
before  ...)
+       TODO: check
+CVE-2026-4764 (A Missing Authorization vulnerability in the playbook import 
functiona ...)
+       TODO: check
+CVE-2026-4096 (IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP 
header injec ...)
+       TODO: check
+CVE-2026-49982 (tmp is a temporary file and directory creator for node.js. In 
version  ...)
+       TODO: check
+CVE-2026-49219 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-49218 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-48994 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-48734 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-48733 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-48724 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-48547 (KanaDojo contains a command injection vulnerability that 
allows an att ...)
+       TODO: check
+CVE-2026-48546 (KanaDojo before 0.1.18 contains a sandbox escape vulnerability 
that al ...)
+       TODO: check
+CVE-2026-48110 (Russh is a Rust SSH client & server library. From version 
0.34.0 to be ...)
+       TODO: check
+CVE-2026-48108 (Russh is a Rust SSH client & server library. From version 
0.34.0-beta. ...)
+       TODO: check
+CVE-2026-48107 (Russh is a Rust SSH client & server library. From version 
0.37.0 to be ...)
+       TODO: check
+CVE-2026-48011 (Shopware is an open commerce platform. Prior to versions 
6.6.10.18 and ...)
+       TODO: check
+CVE-2026-47342 (A privilege escalation vulnerability in Apache OFBiz allows a 
low-priv ...)
+       TODO: check
+CVE-2026-47250 (mcp-server-kubernetes is a Model Context Protocol server for 
Kubernete ...)
+       TODO: check
+CVE-2026-47213 (Boxlite is a sandbox service that allows users to create 
lightweight v ...)
+       TODO: check
+CVE-2026-47189 (Quest Bot is an opensource modern Discord Bot built for 
moderation, ut ...)
+       TODO: check
+CVE-2026-47188 (Quest Bot is an opensource modern Discord Bot built for 
moderation, ut ...)
+       TODO: check
+CVE-2026-47181 (PenguinMod-BackendApi is the backend api for penguinmod. Prior 
to vers ...)
+       TODO: check
+CVE-2026-47177 (Quest Bot is an opensource modern Discord Bot built for 
moderation, ut ...)
+       TODO: check
+CVE-2026-47176 (Quest Bot is an opensource modern Discord Bot built for 
moderation, ut ...)
+       TODO: check
+CVE-2026-47175 (Quest Bot is an opensource modern Discord Bot built for 
moderation, ut ...)
+       TODO: check
+CVE-2026-47174 (In Duck Site before version 1.0.1, the repository has a deploy 
workflo ...)
+       TODO: check
+CVE-2026-47173 (Quest Bot is an opensource modern Discord Bot built for 
moderation, ut ...)
+       TODO: check
+CVE-2026-47172 (Quest Bot is an opensource modern Discord Bot built for 
moderation, ut ...)
+       TODO: check
+CVE-2026-47171 (Quest Bot is an opensource modern Discord Bot built for 
moderation, ut ...)
+       TODO: check
+CVE-2026-47170 (Garlic-Hub manages digital signage network \u2014 devices, 
content, an ...)
+       TODO: check
+CVE-2026-47169 (Quest Bot is an opensource modern Discord Bot built for 
moderation, ut ...)
+       TODO: check
+CVE-2026-47167 (Vim is an open source, command line text editor. Prior to 
version 9.2. ...)
+       TODO: check
+CVE-2026-47163 (Quest Bot is an opensource modern Discord Bot built for 
moderation, ut ...)
+       TODO: check
+CVE-2026-47162 (Vim is an open source, command line text editor. Prior to 
version 9.2. ...)
+       TODO: check
+CVE-2026-47157 (aiograpi is an asynchronous Instagram API for Python. aiograpi 
version ...)
+       TODO: check
+CVE-2026-46705 (Russh is a Rust SSH client & server library. From version 
0.34.0-beta. ...)
+       TODO: check
+CVE-2026-46703 (Boxlite is a sandbox service that allows users to create 
lightweight v ...)
+       TODO: check
+CVE-2026-46702 (Russh is a Rust SSH client & server library. From version 
0.34.0 to be ...)
+       TODO: check
+CVE-2026-46698 (Fediverse Embeds embeds fediverse posts on WordPress sites. 
Prior to v ...)
+       TODO: check
+CVE-2026-46697 (Fediverse Embeds embeds fediverse posts on WordPress sites. 
Prior to v ...)
+       TODO: check
+CVE-2026-46695 (Boxlite is a sandbox service that allows users to create 
lightweight v ...)
+       TODO: check
+CVE-2026-46689 (Kanidm is an identity management platform. Prior to version 
1.9.3, a s ...)
+       TODO: check
+CVE-2026-46683 (Snappy is a PHP library allowing thumbnail, snapshot or PDF 
generation ...)
+       TODO: check
+CVE-2026-46679 (libp2p is a JavaScript Implementation of libp2p networking 
stack. Prio ...)
+       TODO: check
+CVE-2026-46673 (Russh is a Rust SSH client & server library. Prior to version 
0.60.3,  ...)
+       TODO: check
+CVE-2026-46669 (OpenVM is a performant and modular zkVM framework built for 
customizat ...)
+       TODO: check
+CVE-2026-46668 (SpiceDB is an open source database system for creating and 
managing se ...)
+       TODO: check
+CVE-2026-46654 (Plonky3 is a toolkit for polynomial IOPs (PIOPs). Prior to 
versions 0. ...)
+       TODO: check
+CVE-2026-46645 (SQLAdmin is a flexible Admin interface for SQLAlchemy models. 
Prior to ...)
+       TODO: check
+CVE-2026-46643 (Snappy is a PHP library allowing thumbnail, snapshot or PDF 
generation ...)
+       TODO: check
+CVE-2026-46625 (JavaScript Cookie is a JavaScript API for handling cookies, 
client-sid ...)
+       TODO: check
+CVE-2026-46519 (mcp-server-kubernetes is a Model Context Protocol server for 
Kubernete ...)
+       TODO: check
+CVE-2026-45783 (libp2p is a JavaScript Implementation of libp2p networking 
stack. Prio ...)
+       TODO: check
+CVE-2026-45384 (bit7z is a cross-platform C++ static library that allows the 
compressi ...)
+       TODO: check
+CVE-2026-45380 (bit7z is a cross-platform C++ static library that allows the 
compressi ...)
+       TODO: check
+CVE-2026-45178 (Idira Secrets Manager Self-Hosted versions 13.8.0 and lower 
exhibit im ...)
+       TODO: check
+CVE-2026-45177 (Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit 
improper ...)
+       TODO: check
+CVE-2026-45176 (Idira Endpoint Privilege Manager Agent versions prior to 26.5 
exhibit  ...)
+       TODO: check
+CVE-2026-45106 (Weblate is a web based localization tool. Prior to version 
2026.5, Web ...)
+       TODO: check
+CVE-2026-44705 (tmp is a temporary file and directory creator for node.js. 
Prior to 0. ...)
+       TODO: check
+CVE-2026-44693 (Pi-hole FTL is the core engine of the Pi-hole network-level 
advertisem ...)
+       TODO: check
+CVE-2026-44692 (Sharp is a content management framework built for Laravel as a 
package ...)
+       TODO: check
+CVE-2026-44496 (Axios is a promise based HTTP client for the browser and 
Node.js. Axio ...)
+       TODO: check
+CVE-2026-44495 (Axios is a promise based HTTP client for the browser and 
Node.js. From ...)
+       TODO: check
+CVE-2026-44494 (Axios is a promise based HTTP client for the browser and 
Node.js. From ...)
+       TODO: check
+CVE-2026-44492 (Axios is a promise based HTTP client for the browser and 
Node.js. Prio ...)
+       TODO: check
+CVE-2026-44490 (Axios is a promise based HTTP client for the browser and 
Node.js. Prio ...)
+       TODO: check
+CVE-2026-44489 (Axios is a promise based HTTP client for the browser and 
Node.js. From ...)
+       TODO: check
+CVE-2026-44488 (Axios is a promise based HTTP client for the browser and 
Node.js. Axio ...)
+       TODO: check
+CVE-2026-44487 (Axios is a promise based HTTP client for the browser and 
Node.js. Prio ...)
+       TODO: check
+CVE-2026-44486 (Axios is a promise based HTTP client for the browser and 
Node.js. Prio ...)
+       TODO: check
+CVE-2026-42568 (Yamcs is a mission control framework. Prior to versions 5.13.0 
and 5.1 ...)
+       TODO: check
+CVE-2026-42558 (Xibo is an open source digital signage platform with a web 
content man ...)
+       TODO: check
+CVE-2026-42542 (TDengine is an open source, time-series database optimized for 
Interne ...)
+       TODO: check
+CVE-2026-42462 (Fedify is a TypeScript library for building federated server 
apps powe ...)
+       TODO: check
+CVE-2026-41856 (The Spring GraphQL annotation detection mechanism for 
@Controller data ...)
+       TODO: check
+CVE-2026-41700 (Spring for GraphQL applications that have enabled the 
WebSocket transp ...)
+       TODO: check
+CVE-2026-41699 (Spring for GraphQL applications are vulnerable to Unsafe 
Deserializati ...)
+       TODO: check
+CVE-2026-41001 (Spring Boot's ArtemisEmbeddedConfigurationFactory uses a 
fixed, static ...)
+       TODO: check
+CVE-2026-41000 (Wss4jSecurityInterceptor did not consistently wire Apache 
WSS4J Replay ...)
+       TODO: check
+CVE-2026-40999 (When WS-Addressing is used with non-anonymous ReplyTo or 
FaultTo addre ...)
+       TODO: check
+CVE-2026-40998 (Jaxp13XPathTemplate evaluated XPath expressions for 
StreamSource and S ...)
+       TODO: check
+CVE-2026-40997 (Several Spring WS integration paths with Spring Security could 
surface ...)
+       TODO: check
+CVE-2026-40996 (Wss4jSecurityInterceptor defaulted 
allowRSA15KeyTransportAlgorithm to  ...)
+       TODO: check
+CVE-2026-40995 (X509AuthenticationProvider could issue a fully authenticated 
X509Authe ...)
+       TODO: check
+CVE-2026-40994 (Wss4jSecurityInterceptor initialized its BSP (WS-I Basic 
Security Prof ...)
+       TODO: check
+CVE-2026-40992 (Spring Boot's Mail auto-configuration does not enable hostname 
verific ...)
+       TODO: check
+CVE-2026-40987 (A malicious or compromised FTP/SFTP/SMB server can write 
arbitrary fil ...)
+       TODO: check
+CVE-2026-40986 (Spring Web Flow's JavaScript RemotingHandler renders the body 
of an er ...)
+       TODO: check
+CVE-2026-40985 (Applications that configure the WebFlowELExpressionParser are 
vulnerab ...)
+       TODO: check
+CVE-2026-3553 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2026-3341 (IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is 
vulnerable to ...)
+       TODO: check
+CVE-2026-3329 (A remote unauthenticated attacker may be able to conduct 
credential-gu ...)
+       TODO: check
+CVE-2026-38581 (SQL Injection vulnerability in damasac thaipalliative_lte 
through vers ...)
+       TODO: check
+CVE-2026-35273 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
+       TODO: check
+CVE-2026-2827 (The Open User Map PRO plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2026-1500 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2026-11986 (A flaw was found in the admin-ui-ext component of Keycloak, 
which prov ...)
+       TODO: check
+CVE-2026-11956 (A vulnerability was determined in TwiN gatus 5.36.0. Impacted 
is the f ...)
+       TODO: check
+CVE-2026-11945 (PostgreSQL Anonymizer contains a vulnerability that allows a 
user to g ...)
+       TODO: check
+CVE-2026-11850 (An integer underflow vulnerability was found in MIT krb5 in 
the berval ...)
+       TODO: check
+CVE-2026-11839 (Unrestricted upload of file with dangerous type vulnerability 
in Ba\u0 ...)
+       TODO: check
+CVE-2026-11816 (Keras versions prior to 3.14.0 are vulnerable to a path 
traversal issu ...)
+       TODO: check
+CVE-2026-11774 (An integer overflow flaw was found in the SASL I/O layer of 
389 Direct ...)
+       TODO: check
+CVE-2026-11604 (An incorrect buffer size calculation in the epoch key 
generator in Ope ...)
+       TODO: check
+CVE-2026-11561 (Improper neutralization of special elements used in an 
expression lang ...)
+       TODO: check
+CVE-2026-10847 (A local privilege escalation vulnerability exists in Check 
Point Ident ...)
+       TODO: check
+CVE-2026-10795 (The UpdraftPlus: WP Backup & Migration Plugin plugin for 
WordPress is  ...)
+       TODO: check
+CVE-2026-10733 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2026-10142 (kafka-python prior to 2.3.2 contains a denial-of-service 
vulnerability ...)
+       TODO: check
+CVE-2026-10087 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
+       TODO: check
+CVE-2026-0274 (An improper validation of credentials vulnerability in the 
CommvaultSe ...)
+       TODO: check
+CVE-2026-0273 (A command injection vulnerability in Palo Alto Networks 
PAN-OS\xae sof ...)
+       TODO: check
+CVE-2026-0272 (A privilege escalation vulnerability in Palo Alto Networks 
PAN-OS\xae  ...)
+       TODO: check
+CVE-2026-0271 (A privilege escalation (PE) vulnerability in the Palo Alto 
Networks Pr ...)
+       TODO: check
+CVE-2026-0270 (A path traversal vulnerability in Palo Alto Networks Cortex 
XSOAR engi ...)
+       TODO: check
+CVE-2026-0269 (A memory corruption vulnerability in the processing of tunnel 
traffic  ...)
+       TODO: check
+CVE-2026-0268 (A security control bypass vulnerability in Prisma Access Agent 
for Lin ...)
+       TODO: check
+CVE-2026-0267 (An information exposure vulnerability in the Palo Alto Networks 
Global ...)
+       TODO: check
+CVE-2026-0266 (A cross-site scripting (XSS) vulnerability in Palo Alto 
Networks PAN-O ...)
+       TODO: check
+CVE-2025-7064 (Authentication bypass by primary weakness vulnerability in ABB 
Freelan ...)
+       TODO: check
+CVE-2025-46315 (A permissions issue was addressed with additional 
restrictions. This i ...)
+       TODO: check
+CVE-2025-46313 (A logging issue was addressed with improved data redaction. 
This issue ...)
+       TODO: check
+CVE-2025-46308 (An authorization issue was addressed with improved state 
management. T ...)
+       TODO: check
+CVE-2025-46293 (This issue was addressed with improved handling of symlinks. 
This issu ...)
+       TODO: check
+CVE-2025-43339 (An access issue was addressed with additional sandbox 
restrictions. Th ...)
+       TODO: check
+CVE-2025-43278 (This issue was addressed with improved handling of symlinks. 
This issu ...)
+       TODO: check
+CVE-2025-31272 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
+       TODO: check
+CVE-2025-30459 (A privacy issue was addressed by removing the vulnerable code. 
This is ...)
+       TODO: check
+CVE-2025-30431 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
+       TODO: check
+CVE-2025-24284 (This issue was addressed with improved checks to prevent 
unauthorized  ...)
+       TODO: check
+CVE-2025-24268 (A parsing issue in the handling of directory paths was 
addressed with  ...)
+       TODO: check
+CVE-2025-24165 (A permissions issue was addressed with additional 
restrictions. This i ...)
+       TODO: check
+CVE-2024-45636 (IBM Security QRadar EDR 3.12 through 3.12.24 stores user 
credentials i ...)
+       TODO: check
+CVE-2024-32110 (Cross-Site request forgery (CSRF) vulnerability in Magepeople 
inc. WpE ...)
+       TODO: check
+CVE-2024-21944 (Improper input validation for DIMM serial presence detect 
(SPD) metada ...)
+       TODO: check
+CVE-2023-40200 (Authorization bypass through User-Controlled key vulnerability 
in Esse ...)
+       TODO: check
+CVE-2023-33999 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2023-32959 (Missing Authorization vulnerability in Sparkle WP MetroStore 
metrostor ...)
+       TODO: check
+CVE-2022-48575 (A person with access to a Mac may be able to bypass Login 
Window. A co ...)
+       TODO: check
+CVE-2026-10143 (kafka-python prior to 2.3.2 contains a denial-of-service 
vulnerability ...)
        - python-kafka <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2487722
-CVE-2026-6893 [Root code execution via DHCP options command injection]
+CVE-2026-6893 (A flaw was found in dracut. A remote attacker on the adjacent 
network  ...)
        - dracut <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2459963
        TODO: check upstream status, as only reference is Red Hat bugzilla entry
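
Review bot: CVE-2026-10142 is queued with only "TODO: check", yet its truncated description is identical to that of CVE-2026-10143 at the end of this hunk (kafka-python prior to 2.3.2, denial of service), which is already tracked as python-kafka <unfixed>; triage 10142 against the same source package rather than leaving it in the queue. Separately, several imported descriptions carry undecoded escapes (\u2014 in CVE-2026-47170, Ba\u0 in CVE-2026-11839, PAN-OS\xae in CVE-2026-0273 and CVE-2026-0272), so the description import appears to be writing escaped rather than decoded text and is worth checking. The CVE-2026-6893 entry also loses its bracketed summary while keeping the "check upstream status" TODO, so that TODO should be revisited now that a published description exists.
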
@@ -1564,17 +1934,17 @@ CVE-2026-0418 (Insufficient configuration management in 
the listed devicesallows
        NOT-FOR-US: Netgear
 CVE-2026-0417 (Insufficient input validation vulnerability in the listed 
NETGEARdevic ...)
        NOT-FOR-US: Netgear
-CVE-2026-0416 (Authenticated administrators connected to the local network can 
modify ...)
+CVE-2026-0416 (An insufficient input validation vulnerability in certain 
NETGEAR rout ...)
        NOT-FOR-US: Netgear
 CVE-2026-0415 (Insufficient input validation vulnerability in thelisted 
NETGEAR model ...)
        NOT-FOR-US: Netgear
 CVE-2026-0414 (Insufficient input validation vulnerability in thelisted 
NETGEAR model ...)
        NOT-FOR-US: Netgear
-CVE-2026-0413 (Insufficient input validation of buffers vulnerability in 
thelisted NE ...)
+CVE-2026-0413 (A buffer overflow vulnerability due to insufficient input 
validationin ...)
        NOT-FOR-US: Netgear
 CVE-2026-0412 (Insufficient input validation vulnerability in NETGEAR JR6150 
(AC750 W ...)
        NOT-FOR-US: Netgear
-CVE-2026-0411 (An information disclosure vulnerability in theNETGEAROrbi 
satellites c ...)
+CVE-2026-0411 (An information disclosure vulnerability in theNETGEAROrbi 
satellites ( ...)
        NOT-FOR-US: Netgear
 CVE-2026-0410 (Authenticated administrators connected to the local network can 
gain   ...)
        NOT-FOR-US: Netgear
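
Review bot: The replacement descriptions for CVE-2026-0413 and CVE-2026-0411 still contain run-together words ("validationin", "theNETGEAROrbi"), the same defect visible in the unchanged neighbours ("thelisted", "NETGEARdevic"). If the importer is dropping a non-standard whitespace character from the source text, that is worth fixing there; this is an assumption, since the visible lines show only the result. The triage itself is unaffected, since all three changed entries keep NOT-FOR-US: Netgear.
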
@@ -2081,225 +2451,299 @@ CVE-2026-10553 (The jQuery Hover Footnotes plugin for 
WordPress is vulnerable to
 CVE-2026-10024 (The TinyMCE shortcode Addon plugin for WordPress is vulnerable 
to Stor ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-11628 (Use after free in Ozone in Google Chrome prior to 
149.0.7827.103 allow ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11629 (Use after free in Ozone in Google Chrome prior to 
149.0.7827.103 allow ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11630 (Use after free in File Input in Google Chrome prior to 
149.0.7827.103  ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11631 (Use after free in Aura in Google Chrome on Windows prior to 
149.0.7827 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11632 (Use after free in TabStrip in Google Chrome prior to 
149.0.7827.103 al ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11633 (Use after free in Bluetooth in Google Chrome on Mac prior to 
149.0.782 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11634 (Use after free in Gamepad in Google Chrome on Windows prior to 
149.0.7 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11635 (Use after free in Bluetooth in Google Chrome on Mac prior to 
149.0.782 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11636 (Use after free in Autofill in Google Chrome on Windows prior 
to 149.0. ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11637 (Use after free in Views in Google Chrome on Mac prior to 
149.0.7827.10 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11638 (Use after free in Printing in Google Chrome prior to 
149.0.7827.103 al ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11639 (Use after free in Compositing in Google Chrome on Mac prior to 
149.0.7 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11640 (Integer overflow in libyuv in Google Chrome prior to 
149.0.7827.103 al ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11641 (Use after free in Bluetooth in Google Chrome on Windows prior 
to 149.0 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11642 (Use after free in Web Apps in Google Chrome prior to 
149.0.7827.103 al ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11643 (Use after free in Proxy in Google Chrome prior to 
149.0.7827.103 allow ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11644 (Use after free in Views in Google Chrome on Linux prior to 
149.0.7827. ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11645 (Out of bounds read and write in V8 in Google Chrome prior to 
149.0.782 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11646 (Use after free in ViewTransitions in Google Chrome prior to 
149.0.7827 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11647 (Use after free in Printing in Google Chrome on Android prior 
to 149.0. ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11648 (Use after free in FullScreen in Google Chrome on Windows prior 
to 149. ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11649 (Use after free in V8 in Google Chrome prior to 149.0.7827.103 
allowed  ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11650 (Use after free in V8 in Google Chrome prior to 149.0.7827.103 
allowed  ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11651 (Use after free in Network in Google Chrome prior to 
149.0.7827.103 all ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11652 (Use after free in Extensions in Google Chrome prior to 
149.0.7827.103  ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11653 (Inappropriate implementation in Extensions in Google Chrome 
prior to 1 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11654 (Use after free in CameraCapture in Google Chrome on Mac prior 
to 149.0 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11655 (Integer overflow in Media in Google Chrome on Mac prior to 
149.0.7827. ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11656 (Use after free in ServiceWorker in Google Chrome prior to 
149.0.7827.1 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11657 (Use after free in Payments in Google Chrome on Mac prior to 
149.0.7827 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11658 (Insufficient validation of untrusted input in Extensions in 
Google Chr ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11659 (Integer overflow in UI in Google Chrome on Linux prior to 
149.0.7827.1 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11660 (Insufficient validation of untrusted input in New Tab Page in 
Google C ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11661 (Use after free in Views in Google Chrome on Windows prior to 
149.0.782 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11662 (Type Confusion in Bindings in Google Chrome prior to 
149.0.7827.103 al ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11663 (Use after free in Skia in Google Chrome prior to 
149.0.7827.103 allowe ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11664 (Use after free in Payments in Google Chrome prior to 
149.0.7827.103 al ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11665 (Out of bounds read in Dawn in Google Chrome on Windows prior 
to 149.0. ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11666 (Insufficient validation of untrusted input in Input in Google 
Chrome p ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11667 (Out of bounds read in WebRTC in Google Chrome prior to 
149.0.7827.103  ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11668 (Uninitialized Use in Codecs in Google Chrome on Linux, 
ChromeOS prior  ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11669 (Out of bounds read in Media in Google Chrome on ChromeOS prior 
to 149. ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11670 (Use after free in PDF in Google Chrome prior to 149.0.7827.103 
allowed ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11671 (Use after free in Navigation in Google Chrome prior to 
149.0.7827.103  ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11672 (Heap buffer overflow in GPU in Google Chrome on Android prior 
to 149.0 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11673 (Use after free in InterestGroups in Google Chrome prior to 
149.0.7827. ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11674 (Use after free in Guest View in Google Chrome prior to 
149.0.7827.103  ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11675 (Out of bounds read in Skia in Google Chrome prior to 
149.0.7827.103 al ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11676 (Insufficient validation of untrusted input in Dawn in Google 
Chrome on ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11677 (Race in Network in Google Chrome on Mac prior to 
149.0.7827.103 allowe ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11678 (Integer overflow in libyuv in Google Chrome prior to 
149.0.7827.103 al ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11679 (Use after free in Codecs in Google Chrome on Windows prior to 
149.0.78 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11680 (Use after free in Media in Google Chrome on Windows prior to 
149.0.782 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11681 (Use after free in Ozone in Google Chrome on Linux prior to 
149.0.7827. ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11682 (Inappropriate implementation in Views in Google Chrome on 
Linux prior  ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11683 (Use after free in WebCodecs in Google Chrome prior to 
149.0.7827.103 a ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11684 (Insufficient policy enforcement in Network in Google Chrome 
prior to 1 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11685 (Inappropriate implementation in MediaCapture in Google Chrome 
on Mac p ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11686 (Insufficient validation of untrusted input in Dawn in Google 
Chrome on ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11687 (Use after free in Dawn in Google Chrome on Mac prior to 
149.0.7827.103 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11688 (Inappropriate implementation in SVG in Google Chrome prior to 
149.0.78 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11689 (Insufficient policy enforcement in Passwords in Google Chrome 
prior to ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11690 (Out of bounds read and write in Media in Google Chrome on Mac 
prior to ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11691 (Insufficient validation of untrusted input in New Tab Page in 
Google C ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11692 (Use after free in Read Anything in Google Chrome prior to 
149.0.7827.1 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11693 (Inappropriate implementation in Plugins in Google Chrome prior 
to 149. ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11694 (Use after free in ServiceWorker in Google Chrome prior to 
149.0.7827.1 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11695 (Inappropriate implementation in Passwords in Google Chrome 
prior to 14 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11696 (Uninitialized Use in Video in Google Chrome on Windows prior 
to 149.0. ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11697 (Insufficient validation of untrusted input in UI in Google 
Chrome prio ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11698 (Use after free in Bluetooth in Google Chrome on Mac prior to 
149.0.782 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11699 (Use after free in Bluetooth in Google Chrome on Mac prior to 
149.0.782 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11700 (Use after free in Tracing in Google Chrome prior to 
149.0.7827.103 all ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11701 (Inappropriate implementation in Guest View in Google Chrome 
prior to 1 ...)
+       {DSA-6337-1}
        - chromium 149.0.7827.102-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-9669 (bz2.BZ2Decompressor objects could be reused after a 
decompression erro ...)
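Review bot: In the chromium entries that gain {DSA-6337-1} in this hunk, many descriptions (CVE-2026-11662, CVE-2026-11663, CVE-2026-11664 and others) read "prior to 149.0.7827.103", while the fixed version recorded under each is 149.0.7827.102-1. If the .102 upload carries the same fixes, a short NOTE saying so would save the next reader from rechecking. If it does not, the fixed version needs correcting before the DSA cross-reference is relied on.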
@@ -2983,7 +3427,7 @@ CVE-2026-48165
 CVE-2026-48163
        - mariadb 1:11.8.8-1
        NOTE: 
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.8
-CVE-2026-49261
+CVE-2026-49261 (MariaDB server is a community developed fork of MySQL server. 
Versions ...)
        - mariadb 1:11.8.8-1
        NOTE: 
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.8
 CVE-2025-15646
@@ -5118,10 +5562,12 @@ CVE-2026-11309 (Insufficient policy enforcement in 
History in Google Chrome prio
        - chromium 149.0.7827.53-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-9698 (DBI versions before 1.648 for Perl saved errors in a 
limited-sized buf ...)
+       {DSA-6338-1}
        - libdbi-perl 1.648-1
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/40831067/
        NOTE: Fixed by: 
https://github.com/perl5-dbi/dbi/commit/bfe5d73c162d2d1f761a639a0aa33aad6a9eb54e
 (1.648)
 CVE-2026-10879 (DBI versions before 1.648 for Perl have a heap overflow when 
preparsin ...)
+       {DSA-6338-1}
        - libdbi-perl 1.648-1
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/40729086/
        NOTE: Fixed by: 
https://github.com/perl5-dbi/dbi/commit/af79036c07aa9a457971c0f4136e37c85dc20978
 (1.648)
@@ -5599,6 +6045,7 @@ CVE-2026-46739 (Net::Statsd versions before 0.13 for Perl 
allow metric injection
        NOTE: Fixed by: 
https://github.com/cosimo/perl5-net-statsd/commit/a10b10173d6751991b7ade14b86dd272439d2283
 (0.13)
        NOTE: Testcase: 
https://github.com/cosimo/perl5-net-statsd/commit/583dfdf0385120768d6cfca7264a6ebf337ff377
 (0.13)
 CVE-2026-50292 (In libinput before 1.30.4 and 1.31.x before 1.31.3, 
libinput-device-gr ...)
+       {DSA-6339-1}
        - libinput 1.31.3-1
        NOTE: https://gitlab.freedesktop.org/libinput/libinput/-/work_items/1296
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/libinput/libinput/-/commit/76f0d8a7f57e2868882864b4611281f12f704b55
 (main)
@@ -5932,6 +6379,7 @@ CVE-2026-XXXX [Horizon RC file generation does not escape 
special characters in
        NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0097
        NOTE: https://launchpad.net/bugs/2152240
 CVE-2026-50266 (In OpenStack Neutron before 28.0.1, a project manager can 
create or up ...)
+       {DSA-6340-1}
        - neutron 2:28.0.0-7 (bug #1138844)
        [bookworm] - neutron <not-affected> (Vulnerable code not present)
        [bullseye] - neutron <not-affected> (Vulnerable code not present)
@@ -5944,14 +6392,17 @@ CVE-2026-41283 (OpenStack Mistral through 22.0.0 allows 
Arbitrary Remote Code Ex
        NOTE: https://www.openwall.com/lists/oss-security/2026/06/03/14
        NOTE: https://launchpad.net/bugs/2147178
 CVE-2026-44917 (OpenStack Ironic before 35.0.2 allows a malicious 
authenticated projec ...)
+       {DSA-6341-1}
        - ironic <unfixed> (bug #1138842)
        NOTE: https://www.openwall.com/lists/oss-security/2026/06/03/13
        NOTE: https://bugs.launchpad.net/ironic/+bug/2148319
 CVE-2026-48681 (OpenStack Ironic through before 35.0.2 allows file overwrite 
via direc ...)
+       {DSA-6341-1}
        - ironic <unfixed> (bug #1138842)
        NOTE: https://www.openwall.com/lists/oss-security/2026/06/03/12
        NOTE: https://bugs.launchpad.net/ironic/+bug/2148333
 CVE-2026-46447 (OpenStack Ironic before 35.0.2 allows Boot Script Injection of 
an iPXE ...)
+       {DSA-6341-1}
        - ironic <unfixed> (bug #1138842)
        NOTE: https://www.openwall.com/lists/oss-security/2026/06/03/11
        NOTE: https://bugs.launchpad.net/ironic/+bug/2150624
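Review bot: {DSA-6341-1} is attached to CVE-2026-44917, CVE-2026-48681 and CVE-2026-46447 while each still reads "- ironic <unfixed> (bug #1138842)" and none of the three has a per-release line in the visible context. Please confirm this is the intended state, with the DSA covering the stable release while unstable stays open. Bug #1138842 should then stay open until an upload replaces <unfixed> with a version.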
@@ -8512,13 +8963,13 @@ CVE-2024-13745
        [trixie] - edk2 <no-dsa> (Minor issue, revisit when/if fixed upstream)
        [bookworm] - edk2 <no-dsa> (Minor issue, revisit when/if fixed upstream)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/29/2
-CVE-2026-49214
+CVE-2026-49214 (guzzlehttp/psr7 is a PSR-7 HTTP message library implementation 
in PHP. ...)
        - php-guzzlehttp-psr7 2.10.3-1 (bug #1138265)
        [trixie] - php-guzzlehttp-psr7 <no-dsa> (Minor issue)
        [bookworm] - php-guzzlehttp-psr7 <no-dsa> (Minor issue)
        [bullseye] - php-guzzlehttp-psr7 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/guzzle/psr7/security/advisories/GHSA-hq7v-mx3g-29hw
-CVE-2026-48998
+CVE-2026-48998 (guzzlehttp/psr7 is a PSR-7 HTTP message library implementation 
in PHP. ...)
        - php-guzzlehttp-psr7 2.10.3-1 (bug #1138265)
        [trixie] - php-guzzlehttp-psr7 <no-dsa> (Minor issue)
        [bookworm] - php-guzzlehttp-psr7 <no-dsa> (Minor issue)
@@ -9392,19 +9843,19 @@ CVE-2026-XXXX [dulwich: Submodule clone allows writing 
to arbitrary path]
        - dulwich 1.2.5-1
        NOTE: 
https://github.com/jelmer/dulwich/security/advisories/GHSA-gfhv-vqv2-4544
        NOTE: 
https://github.com/jelmer/dulwich/commit/1ca18147a1d03b61c2ae203c46bf0b2a2f5dd421
 (dulwich-1.2.5)
-CVE-2026-47734 [dulwich: Unbounded memory allocation in receive-pack from 
crafted thin packs]
+CVE-2026-47734 (Dulwich is a pure-Python implementation of the Git file 
formats and pr ...)
        - dulwich 1.2.5-1
        NOTE: 
https://github.com/jelmer/dulwich/security/advisories/GHSA-xrvj-v92f-53gj
        NOTE: 
https://github.com/jelmer/dulwich/commit/f860ca489d63624ae6d7c7945fbbd19018b8125c
 (dulwich-1.2.5)
-CVE-2026-47712 [dulwich: Commit subjects not sanitized in 
porcelain.format_patch]
+CVE-2026-47712 (Dulwich is a pure-Python implementation of the Git file 
formats and pr ...)
        - dulwich 1.2.5-1
        NOTE: 
https://github.com/jelmer/dulwich/security/advisories/GHSA-555p-6grf-mh7f
        NOTE: 
https://github.com/jelmer/dulwich/commit/0fd6e6bb61f8017b1af4b5fdbf7602ddbcf6d17e
 (dulwich-1.2.5)
-CVE-2026-42563 [dulwich: Command Injection via Merge Driver Path]
+CVE-2026-42563 (Dulwich is a pure-Python implementation of the Git file 
formats and pr ...)
        - dulwich 1.2.5-1
        NOTE: 
https://github.com/jelmer/dulwich/security/advisories/GHSA-9277-mp7x-85jf
        NOTE: 
https://github.com/jelmer/dulwich/commit/0110b885a1ab5b2128473263a6ff5b7230732e49
 (dulwich-1.2.5)
-CVE-2026-42305
+CVE-2026-42305 (Dulwich is a pure-Python implementation of the Git file 
formats and pr ...)
        - dulwich <not-affected> (Windows-specific)
        NOTE: 
https://github.com/jelmer/dulwich/security/advisories/GHSA-897w-fcg9-f6xj
 CVE-2026-9828 (Deserialization of untrusted data vulnerability in QOS.CH Sarl 
logback ...)
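Review bot: For CVE-2026-47734, CVE-2026-47712 and CVE-2026-42563 the replaced bracket titles were the only text in this file that told the entries apart. After this hunk they, and CVE-2026-42305, all show the same truncated "Dulwich is a pure-Python implementation of the Git file formats and pr ...". Suggest keeping each old summary as a NOTE line under its entry (for example "NOTE: Command Injection via Merge Driver Path" under CVE-2026-42563), so triage does not require opening every advisory link.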
@@ -10688,7 +11139,7 @@ CVE-2026-8054 (Improper Neutralization of Special 
Elements used in an SQL Comman
        NOT-FOR-US: dotCMS
 CVE-2026-8042 (The Github Shortcode plugin for WordPress is vulnerable to 
Stored Cros ...)
        NOT-FOR-US: WordPress plugin
-CVE-2026-7876 (IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19)
+CVE-2026-7876 (IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19is affected by an 
authent ...)
        NOT-FOR-US: IBM
 CVE-2026-7618 (The Env\xedaloSimple: Email Marketing y Newsletters plugin for 
WordPre ...)
        NOT-FOR-US: WordPress plugin
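Review bot: The new description for CVE-2026-7876 runs two words together ("1.5.19is affected"), so a search for the version string or for the phrase "is affected" will not match this entry cleanly. Descriptions in this file are rewritten by the automatic update, so a hand edit here would not last. The fix belongs in the upstream CVE record, and the entry is NOT-FOR-US in any case.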
@@ -13206,7 +13657,7 @@ CVE-2026-9541 (A security flaw has been discovered in 
Squirrel up to 3.2. Impact
        NOTE: https://github.com/albertodemichelis/squirrel/issues/327
 CVE-2026-9540 (A vulnerability was identified in vllm-project vllm 0.19.0. 
This issue ...)
        - vllm <itp> (bug #1095237)
-CVE-2026-9170 (IBM HTTP Server 8.5, and 9.0)
+CVE-2026-9170 (IBM HTTP Server 8.5, and 9.0is vulnerable to denial of service 
and a p ...)
        NOT-FOR-US: IBM
 CVE-2026-8890 (code100x contains an authentication bypass vulnerability in the 
Mobile ...)
        NOT-FOR-US: code100x
@@ -15101,37 +15552,37 @@ CVE-2026-42538 (IRIS is a web collaborative platform 
that helps incident respond
        NOT-FOR-US: DFIR-IRIS
 CVE-2026-42329 (Iris is a web collaborative platform that helps incident 
responders sh ...)
        NOT-FOR-US: DFIR-IRIS
-CVE-2026-42326
+CVE-2026-42326 (ImageMagick is free and open-source software used for editing 
and mani ...)
        {DSA-6310-1 DSA-6298-1 DLA-4609-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7wff-wpr6-vmhm
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/06301590988fc62e17b4ae6e937d411cc1089ef1
 (7.1.2-22)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/4bbc9cf334ec0c136d4aa8c28afab17120cc954c
 (6.9.13-47)
-CVE-2026-45031
+CVE-2026-45031 (ImageMagick is free and open-source software used for editing 
and mani ...)
        {DSA-6310-1 DSA-6298-1 DLA-4609-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cwpj-h54c-xjpx
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/a96763d717e27d6d136aa734d1cf4b33a91555d0
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/de0f3f1ee15c783d139135e93cff212ee37e89af
 (6.9.13-48)
-CVE-2026-45359
+CVE-2026-45359 (ImageMagick is free and open-source software used for editing 
and mani ...)
        {DSA-6310-1 DSA-6298-1 DLA-4609-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhrh-72hq-w8m7
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/9f18e2890088705c9a3dc867a7f2e31be50b8f41
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/c590530d406e7628e6f1a8d0e7429b592bfadce8
 (6.9.13-49)
-CVE-2026-45358
+CVE-2026-45358 (ImageMagick is free and open-source software used for editing 
and mani ...)
        {DSA-6310-1 DSA-6298-1 DLA-4609-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr6r-hmj8-pr7r
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/2cf3b5750bd7c96fbb92c3f02823ecd63f8dd232
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/1b962d30cc7ad94d18c5f24c8dbc6d48f534b99d
 (6.9.13-48)
-CVE-2026-45624
+CVE-2026-45624 (ImageMagick is free and open-source software used for editing 
and mani ...)
        {DSA-6310-1 DSA-6298-1 DLA-4609-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pfvh-m9xv-8966
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/a66ab7bc559f041b1434606496b5b4b0906ff9a2
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/7736b7c458d0c694e26023ad4bd3436fc2f951ff
 (6.9.13-48)
-CVE-2026-45664
+CVE-2026-45664 (ImageMagick is free and open-source software used for editing 
and mani ...)
        {DSA-6310-1 DSA-6298-1 DLA-4609-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g5mf-wqq5-vwg6
@@ -15139,25 +15590,25 @@ CVE-2026-45664
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/6dc0130dbbde34b13126bc4fe25789f894b9e0c1
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/3d57d37907857d19b026760c47f1ac9c8c091c0d
 (6.9.13-48)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/11ac03e5485a94a8c1ef06e79e8d77ded1d18d46
 (6.9.13-48)
-CVE-2026-46692
+CVE-2026-46692 (ImageMagick is free and open-source software used for editing 
and mani ...)
        {DSA-6310-1 DSA-6298-1 DLA-4609-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p93h-f2jc-477j
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/75bcc76eac8b26ce0d6900117c9b308b0aed5719
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/6efd2e9277e6e6f5a8171d6c67bc93f1ff1f3eb8
 (6.9.13-48)
-CVE-2026-46521
+CVE-2026-46521 (ImageMagick is free and open-source software used for editing 
and mani ...)
        {DSA-6310-1 DSA-6298-1 DLA-4609-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jcqp-6r6f-3mfx
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/188fcf538f58a60109ebd008e2c40d29cf3966d7
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/61adf32771284186f2fbaea220062226123ac394
 (6.9.13-48)
-CVE-2026-46520
+CVE-2026-46520 (ImageMagick is free and open-source software used for editing 
and mani ...)
        {DSA-6310-1 DSA-6298-1 DLA-4609-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-36wm-hprc-mcf5
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/3aa35741316909f9e384d13cee197334dc3296d7
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/4095aa6144646ec6f04d254f050d7cbb04af293f
 (6.9.13-48)
-CVE-2026-46693
+CVE-2026-46693 (ImageMagick is free and open-source software used for editing 
and mani ...)
        {DSA-6310-1 DSA-6298-1 DLA-4609-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-4g75-9r48-jf92
@@ -15166,25 +15617,25 @@ CVE-2026-46693
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/d954e9c48a7b2bdb76f0c9a3f8bc0e22071288e6
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/6b1e965f94eaf73f9ed459f86d87254e72c87156
 (6.9.13-48)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/0cde9421b635a66a42a6f23f995fbd9a325965cb
 (6.9.13-48)
-CVE-2026-46522
+CVE-2026-46522 (ImageMagick is free and open-source software used for editing 
and mani ...)
        {DSA-6310-1 DSA-6298-1 DLA-4609-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7gg8-qqx7-92g5
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/e8431d4a282013851cb698fdf29b1d7ad80ad7cb
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/466237e1116b46abde8af0f1794b42f1110e04b5
 (6.9.13-48)
-CVE-2026-46523
+CVE-2026-46523 (ImageMagick is free and open-source software used for editing 
and mani ...)
        {DSA-6310-1 DSA-6298-1 DLA-4609-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5r4x-w6p5-222q
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/4d92249c84536a20e9723376ec016b4950dcb454
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/5ad5fdcc45871bdeeca414a883acb880532accce
 (6.9.13-48)
-CVE-2026-46559
+CVE-2026-46559 (ImageMagick is free and open-source software used for editing 
and mani ...)
        {DSA-6310-1 DSA-6298-1 DLA-4609-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-533m-3wf6-c33v
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/ff2f155f2874737380a80195c5849a2f06cb6ff7
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/7d68aec1d02aaaeb513a1778e9702fa0d9ba9dcd
 (6.9.13-48)
-CVE-2026-46557
+CVE-2026-46557 (ImageMagick is free and open-source software used for editing 
and mani ...)
        {DSA-6298-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        [bookworm] - imagemagick <not-affected> (vulnerable code introduced 
later)
@@ -15192,13 +15643,13 @@ CVE-2026-46557
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rcr6-g7jc-f57g
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/06fb1aa7589f4eec363b33c2bbda5986a92bb259
 (7.1.2-23)
        NOTE: ImageMagick6 not affected: 
https://github.com/ImageMagick/ImageMagick6/issues/430
-CVE-2026-47166
+CVE-2026-47166 (ImageMagick is free and open-source software used for editing 
and mani ...)
        {DSA-6310-1 DSA-6298-1 DLA-4609-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6gxq-f64p-5w6f
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/bb79e91155127dd6c3c18a01c8761e9c2ea82d70
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/2ca87784a434899067b8408e5f8a7f0165a8f884
 (6.9.13-48)
-CVE-2026-47165
+CVE-2026-47165 (ImageMagick is free and open-source software used for editing 
and mani ...)
        {DSA-6310-1 DSA-6298-1 DLA-4609-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2rgj-gx5x-f62w
@@ -16381,7 +16832,7 @@ CVE-2026-5090 (Template::Plugin::HTML versions through 
3.102 for Perl allows HTM
        NOTE: https://github.com/abw/Template2/issues/327
        NOTE: https://github.com/cpan-authors/Template2/pull/337
        NOTE: Fixed by: 
https://github.com/cpan-authors/Template2/commit/11c78a7a771d4af505efeb754a0b8775689c2eae
-CVE-2026-46529
+CVE-2026-46529 (Atril Document Viewer is the default document reader of the 
MATE deskt ...)
        {DSA-6286-1 DLA-4597-1 DLA-4596-1}
        - evince 49~alpha-3
        - evince-gtk3 48.4+dfsg-1 (unimportant)
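Review bot: The description added for CVE-2026-46529 names Atril Document Viewer, but the two package lines visible under it track evince and evince-gtk3. Please check that the entry also carries an atril line further down, outside this hunk's context. If it does not, add one, or add a NOTE explaining why the evince packages are tracked under a CVE whose text is about Atril.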
@@ -18720,6 +19171,7 @@ CVE-2026-45033 (GitHub Copilot CLI brings AI-powered 
coding assistance directly
 CVE-2026-45028 (Astro is a web framework. Astro versions prior to 6.1.10 used 
AES-GCM  ...)
        NOT-FOR-US: Astro
 CVE-2026-44919 (In OpenStack Ironic through 35.x before a3f6d73, during image 
handling ...)
+       {DSA-6341-1}
        - ironic 1:35.0.1-3 (bug #1136655)
        [bullseye] - ironic <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/ironic/+bug/2150332
@@ -23685,6 +24137,7 @@ CVE-2026-6411 (This vulnerability, in the MAXHUB Pivot 
client application versio
 CVE-2026-4935 (The OttoKit: All-in-One Automation Platform WordPress plugin 
before 1. ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-44916 (In OpenStack Ironic before 35.0.2 (in a certain non-default 
configurat ...)
+       {DSA-6341-1}
        - ironic 1:35.0.1-2 (bug #1136005)
        [bullseye] - ironic <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/ironic/+bug/2148307
@@ -24051,7 +24504,7 @@ CVE-2026-7414 (Yarbo firmware v2.3.9 contains hardcoded 
administrative credentia
        NOT-FOR-US: Yarbo
 CVE-2026-7413 (A hidden, persistent backdoor was found in Yarbo firmware 
v2.3.9 that  ...)
        NOT-FOR-US: Yarbo
-CVE-2026-6973 (A configuration control vulnerability 
intheIvantiEndpointManagerMobile ...)
+CVE-2026-6973 (An Improper Input Validation in Ivanti EPMMbeforeversions 
12.6.1.1, 12 ...)
        NOT-FOR-US: Ivanti
 CVE-2026-6805 (Vulnerability on the external sharing feature in Cryptobox 
allows an a ...)
        NOT-FOR-US: Cryptobox
@@ -24875,7 +25328,8 @@ CVE-2026-7931 (Insufficient validation of untrusted 
input in iOS in Google Chrom
        {DSA-6250-1}
        - chromium 148.0.7778.96-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7930 (Insufficient validation of untrusted input in Cookies in Google 
Chrome ...)
+CVE-2026-7930
+       REJECTED
        {DSA-6250-1}
        - chromium 148.0.7778.96-1
        [bullseye] - chromium <end-of-life> (see #1061268)
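Review bot: CVE-2026-7930 becomes REJECTED but keeps {DSA-6250-1}, "- chromium 148.0.7778.96-1" and the bullseye line from when it was a live entry. This needs a manual follow-up to decide whether those annotations should be dropped and whether DSA-6250-1 should still list this ID. If the rejection was a merge into another CVE, a NOTE naming the replacement ID would keep the fix history traceable.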
@@ -26622,6 +27076,7 @@ CVE-2026-43002 (An issue was discovered in OpenStack 
Horizon 25.6 and 25.7 befor
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/05/7
        NOTE: https://bugs.launchpad.net/horizon/+bug/2150331
 CVE-2026-42997 (An issue was discovered in idrac in OpenStack Ironic before 
35.0.1. Du ...)
+       {DSA-6341-1}
        - ironic 1:35.0.1-1 (bug #1135811)
        [bullseye] - ironic <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/ironic/+bug/2148317
@@ -34761,7 +35216,8 @@ CVE-2026-21997 (Vulnerability in the Oracle Life 
Sciences Empirica Signal produc
        NOT-FOR-US: Oracle
 CVE-2026-1354 (Zero Motorcycles firmware versions 44 and prior enable an 
attacker to  ...)
        NOT-FOR-US: Zero Motorcycles
-CVE-2025-70420 (A SQL injection vulnerability exists in Genesys Latitude 
v25.1.0.420 t ...)
+CVE-2025-70420
+       REJECTED
        NOT-FOR-US: Genesys Latitude
 CVE-2026-6745 (A vulnerability was determined in Bagisto up to 2.3.15. 
Affected by th ...)
        NOT-FOR-US: Bagisto
@@ -65724,7 +66180,8 @@ CVE-2026-27074 (Improper Neutralization of Input During 
Web Page Generation ('Cr
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27069 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
-CVE-2026-27066 (Missing Authorization vulnerability in PI Web Solution Live 
sales noti ...)
+CVE-2026-27066
+       REJECTED
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27059 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
@@ -67447,7 +67904,7 @@ CVE-2026-2050 [ZDI-CAN-28266: New Vulnerability Report 
at rgbe.c]
        NOTE: https://gitlab.gnome.org/GNOME/gegl/-/issues/446
        NOTE: https://gitlab.gnome.org/GNOME/gegl/-/merge_requests/241
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gegl/-/commit/d32f1badb4bde1d6e8137f687d9ee1195768d4ed
-CVE-2026-2049 [ZDI-CAN-28618: New Vulnerability Report at rgbe.c]
+CVE-2026-2049 (GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code 
Execution ...)
        {DSA-6142-1 DLA-4487-1}
        - gegl 1:0.4.66-1
        NOTE: https://gitlab.gnome.org/GNOME/gegl/-/issues/450
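Review bot: Replacing the bracket title of CVE-2026-2049 drops the ZDI-CAN-28618 identifier and the rgbe.c pointer, and the new description says "GIMP HDR File Parsing" while the entry is tracked against gegl. Suggest a NOTE line that keeps the ZDI-CAN-28618 reference and states that the issue is tracked in gegl, so a search for either the ZDI ID or GIMP leads to this entry without confusion.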
@@ -78273,7 +78730,7 @@ CVE-2026-24061 (telnetd in GNU Inetutils through 2.7 
allows remote authenticatio
        NOTE: Introduced with: 
https://codeberg.org/inetutils/inetutils/commit/fa3245ac8c288b87139a0da8249d0a408c4dfb87
 (inetutils-1_9_3)
        NOTE: Fixed by: 
https://codeberg.org/inetutils/inetutils/commit/fd702c02497b2f398e739e3119bed0b23dd7aa7b
        NOTE: Fixed by: 
https://codeberg.org/inetutils/inetutils/commit/ccba9f748aa8d50a38d7748e2e60362edd6a32cc
-CVE-2026-1220
+CVE-2026-1220 (Race in V8 in Google Chrome prior to 144.0.7559.99 allowed a 
remote at ...)
        {DSA-6108-1}
        - chromium 144.0.7559.96-1
        [bullseye] - chromium <end-of-life> (see #1061268)
@@ -152781,7 +153238,7 @@ CVE-2025-5822 (Autel MaxiCharger AC Wallbox 
Commercial Technician API Incorrect
 CVE-2025-5015 (A cross-site scripting vulnerability exists in the AccuWeather 
and Cus ...)
        NOT-FOR-US: Parsons
 CVE-2025-52999 (jackson-core contains core low-level incremental ("streaming") 
parser  ...)
-       {DLA-4623-1}
+       {DSA-6336-1 DLA-4623-1}
        - jackson-core 2.14.1-2 (bug #1108367)
        NOTE: 
https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3
        NOTE: https://github.com/FasterXML/jackson-core/pull/943
@@ -243407,6 +243864,7 @@ CVE-2024-20440 (A vulnerability in Cisco Smart 
Licensing Utility could allow an
 CVE-2024-20439 (A vulnerability in Cisco Smart Licensing Utility (CSLU) could 
allow an ...)
        NOT-FOR-US: Cisco
 CVE-2024-44082 (In OpenStack Ironic before 26.0.1 and ironic-python-agent 
before 9.13. ...)
+       {DSA-6341-1}
        - ironic 1:26.1.0-1
        [bullseye] - ironic <postponed> (Minor issue; can be fixed in next 
update)
        - ironic-python-agent 9.14.0-1
@@ -364209,8 +364667,8 @@ CVE-2023-25971 (Cross-Site Request Forgery (CSRF) 
vulnerability in FixBD Educare
        NOT-FOR-US: WordPress plugin
 CVE-2023-25970 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Zendr ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-25969
-       RESERVED
+CVE-2023-25969 (Missing Authorization vulnerability in ThemeHunk Contact Form 
& Lead F ...)
+       TODO: check
 CVE-2023-25968 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, 
Madalin ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25967 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo 
Community by ...)
@@ -380710,8 +381168,8 @@ CVE-2022-47152 (Cross-Site Request Forgery (CSRF) 
vulnerability in Etison, LLC C
        NOT-FOR-US: WordPress plugin
 CVE-2022-47151 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-47150
-       RESERVED
+CVE-2022-47150 (Cross-Site request forgery (CSRF) vulnerability in weDevs 
WooCommerce  ...)
+       TODO: check
 CVE-2022-47149 (Cross-Site Request Forgery (CSRF) vulnerability in Pretty 
Links plugin ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47148 (Cross-Site Request Forgery (CSRF) vulnerability in WP 
Overnight PDF In ...)
@@ -384922,8 +385380,8 @@ CVE-2022-45815 (Cross-Site Request Forgery (CSRF) 
vulnerability in StylemixTheme
        NOT-FOR-US: WordPress plugin
 CVE-2022-45814 (Stored Cross-Site Scripting (XSS) vulnerability in Fabian von 
Allmen W ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-45813
-       RESERVED
+CVE-2022-45813 (Missing Authorization vulnerability in BeRocket Advanced AJAX 
Product  ...)
+       TODO: check
 CVE-2022-45812 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) 
vulnerability in ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45811 (Missing Authorization vulnerability in WeyHan Ng Post 
Teaser.This issu ...)
@@ -389515,8 +389973,8 @@ CVE-2022-44632 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2022-44631 (Auth. (author+) Stored Cross-Site Scripting (XSS) 
vulnerability in 1ap ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-44630
-       RESERVED
+CVE-2022-44630 (Cross-Site request forgery (CSRF) vulnerability in YITH YITH 
WooCommer ...)
+       TODO: check
 CVE-2022-44629 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Cata ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-44628 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Jump ...)
@@ -394399,8 +394857,8 @@ CVE-2022-42494 (Server Side Request Forgery (SSRF) 
vulnerability in All in One S
        NOT-FOR-US: WordPress plugin
 CVE-2022-42485 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability 
in Galax ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-42479
-       RESERVED
+CVE-2022-42479 (Missing Authorization vulnerability in TemplateHouse Soledad 
allows Ac ...)
+       TODO: check
 CVE-2022-42462 (Auth. Stored Cross-Site Scripting (XSS) vulnerability inAdeel 
Ahmed'sI ...)
        NOT-FOR-US: Adeel Ahmed's IP Blacklist
 CVE-2022-42461 (Broken Access Control vulnerability in miniOrange's Google 
Authenticat ...)
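Review bot: For CVE-2022-42479 the triage cannot simply be copied from the adjacent lines, because the context here uses two different reasons: `NOT-FOR-US: WordPress plugin` on CVE-2022-42485 and `NOT-FOR-US: Adeel Ahmed's IP Blacklist` on CVE-2022-42462. When resolving the `TODO: check`, identify what "TemplateHouse Soledad" is from the full record and use the reason that matches it.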
@@ -441940,8 +442398,8 @@ CVE-2022-26760 (A memory corruption issue was 
addressed with improved state mana
        NOT-FOR-US: Apple
 CVE-2022-26759
        RESERVED
-CVE-2022-26758
-       RESERVED
+CVE-2022-26758 (A malicious application may cause unexpected changes in memory 
shared  ...)
+       TODO: check
 CVE-2022-26757 (A use after free issue was addressed with improved memory 
management.  ...)
        NOT-FOR-US: Apple
 CVE-2022-26756 (An out-of-bounds write issue was addressed with improved input 
validat ...)
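Review bot: The visible part of the new CVE-2022-26758 description ("A malicious application may cause unexpected changes in memory shared ...") names no vendor or product, so the `TODO: check` cannot be closed from this line alone. The triaged entries around it (CVE-2022-26760, -26757) are `NOT-FOR-US: Apple`, which suggests the same outcome, but that should be confirmed from the full record before it is applied. CVE-2022-26759 directly above is still RESERVED.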



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3289cfe21440bbee7d384c80fe79e3661eefa99
