Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
156ae472 by security tracker role at 2026-06-13T07:13:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,241 @@
+CVE-2026-9848 (The WP Ticket plugin for WordPress is vulnerable to SQL 
Injection via  ...)
+       TODO: check
+CVE-2026-9134 (The FooGallery plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2026-9109 (The GPTranslate \u2013 Multilingual AI Translation for 
WordPress: Auto ...)
+       TODO: check
+CVE-2026-9062 (The Store Locator WordPress plugin before 1.6.9 does not 
validate a pa ...)
+       TODO: check
+CVE-2026-9061 (The Store Locator WordPress plugin before 1.6.9 does not 
sanitize and  ...)
+       TODO: check
+CVE-2026-6676 (Heap buffer out-of-bounds write vulnerability in Avira 
Antivirus engin ...)
+       TODO: check
+CVE-2026-54398 (An authorization flaw in MISP\u2019s object add/edit handling 
allowed  ...)
+       TODO: check
+CVE-2026-54397 (A vulnerability in MISP\u2019s non-REST event editing path 
allowed an  ...)
+       TODO: check
+CVE-2026-54396 (An information disclosure vulnerability exists in the MISP 
AuthKey edi ...)
+       TODO: check
+CVE-2026-54395 (MISP contains a reflected cross-site scripting vulnerability 
in the Ui ...)
+       TODO: check
+CVE-2026-54394 (MISP contains a path traversal vulnerability in 
OrganisationsControlle ...)
+       TODO: check
+CVE-2026-54393 (A stored cross-site scripting vulnerability exists in MISP 
when the Ov ...)
+       TODO: check
+CVE-2026-54362 (An incorrect visibility condition in the MISP event template 
builder a ...)
+       TODO: check
+CVE-2026-54361 (MISP contained multiple mass assignment vulnerabilities in the 
handlin ...)
+       TODO: check
+CVE-2026-54360 (A mass assignment vulnerability exists in MISP\u2019s sharing 
group cr ...)
+       TODO: check
+CVE-2026-54359 (MISP contains an insecure default configuration in which the 
Security. ...)
+       TODO: check
+CVE-2026-54358 (An incorrect authorization vulnerability in MISP allows an 
organizatio ...)
+       TODO: check
+CVE-2026-54357 (An improper authorization vulnerability in MISP allowed an 
authenticat ...)
+       TODO: check
+CVE-2026-54231 (A content injection vulnerability was found in the ABRT 
post-create ev ...)
+       TODO: check
+CVE-2026-54230 (A symlink following vulnerability was found in the ABRT 
post-create ev ...)
+       TODO: check
+CVE-2026-54229 (A race condition was found in the abrt-dbus D-Bus service's 
ChownProbl ...)
+       TODO: check
+CVE-2026-54228 (A time-of-check time-of-use (TOCTOU) race condition was found 
in the a ...)
+       TODO: check
+CVE-2026-54095
+       REJECTED
+CVE-2026-54057 (Kitty is a cross-platform GPU based terminal. In versions 
prior to 0.4 ...)
+       TODO: check
+CVE-2026-54056 (Kitty is a cross-platform GPU based terminal. In versions 
0.47.0 and 0 ...)
+       TODO: check
+CVE-2026-54055 (Kitty is a cross-platform GPU based terminal. In versions 
prior to 0.4 ...)
+       TODO: check
+CVE-2026-53868 (Capgo before 12.128.2 contains a denial of service 
vulnerability allow ...)
+       TODO: check
+CVE-2026-53867 (Capgo before 12.128.2 fails to delete previously uploaded 
profile imag ...)
+       TODO: check
+CVE-2026-53839 (OpenClaw before 2026.5.7 contains a hostname validation 
vulnerability  ...)
+       TODO: check
+CVE-2026-53838 (OpenClaw before 2026.5.27 contains a state mutation 
vulnerability in n ...)
+       TODO: check
+CVE-2026-53837 (OpenClaw before 2026.5.6 contains an improper access control 
vulnerabi ...)
+       TODO: check
+CVE-2026-53836 (OpenClaw before 2026.5.12 contains an allowlist bypass 
vulnerability i ...)
+       TODO: check
+CVE-2026-53835 (OpenClaw before 2026.5.6 contains a configuration enforcement 
bypass v ...)
+       TODO: check
+CVE-2026-53834 (OpenClaw before 2026.4.27 contains an authorization bypass 
vulnerabili ...)
+       TODO: check
+CVE-2026-53833 (OpenClaw before 2026.4.29 contains an authorization bypass 
vulnerabili ...)
+       TODO: check
+CVE-2026-53832 (OpenClaw before 2026.5.18 contains an identity header 
validation vulne ...)
+       TODO: check
+CVE-2026-53831 (OpenClaw before 2026.5.18 contains a policy enforcement 
vulnerability  ...)
+       TODO: check
+CVE-2026-53830 (OpenClaw before 2026.4.22 contains a webhook secret revocation 
bypass  ...)
+       TODO: check
+CVE-2026-53829 (OpenClaw before 2026.5.18 contains an approval display 
truncation vuln ...)
+       TODO: check
+CVE-2026-53828 (OpenClaw before 2026.5.6 contains an authorization bypass 
vulnerabilit ...)
+       TODO: check
+CVE-2026-53827 (OpenClaw before 2026.5.2 contains a credential exposure 
vulnerability  ...)
+       TODO: check
+CVE-2026-53826 (OpenClaw before 2026.4.26 contains an information disclosure 
vulnerabi ...)
+       TODO: check
+CVE-2026-53825 (OpenClaw before 2026.4.7 contains an arbitrary file read 
vulnerability ...)
+       TODO: check
+CVE-2026-53824 (OpenClaw before 2026.4.24 contains a token revocation 
vulnerability al ...)
+       TODO: check
+CVE-2026-53823 (OpenClaw before 2026.5.3 contains a privilege escalation 
vulnerability ...)
+       TODO: check
+CVE-2026-53822 (OpenClaw before 2026.5.18 contains a command injection 
vulnerability w ...)
+       TODO: check
+CVE-2026-53821 (OpenClaw before 2026.5.18 accepts WebSocket client-declared 
operator s ...)
+       TODO: check
+CVE-2026-53820 (OpenClaw before 2026.5.12 contains an exec denylist bypass 
vulnerabili ...)
+       TODO: check
+CVE-2026-53609 (ApostropheCMS is an open-source Node.js content management 
system. In  ...)
+       TODO: check
+CVE-2026-53608 (ApostropheCMS is an open-source Node.js content management 
system. Ver ...)
+       TODO: check
+CVE-2026-53607 (ApostropheCMS is an open-source Node.js content management 
system. In  ...)
+       TODO: check
+CVE-2026-53606 (ApostropheCMS is an open-source Node.js content management 
system, and ...)
+       TODO: check
+CVE-2026-53523 (Nezha Monitoring is a self-hostable, lightweight, servers and 
websites ...)
+       TODO: check
+CVE-2026-53522 (Nezha Monitoring is a self-hostable, lightweight, servers and 
websites ...)
+       TODO: check
+CVE-2026-53521 (Nezha Monitoring is a self-hostable, lightweight, servers and 
websites ...)
+       TODO: check
+CVE-2026-53520 (Nezha Monitoring is a self-hostable, lightweight, servers and 
websites ...)
+       TODO: check
+CVE-2026-53519 (Nezha Monitoring is a self-hostable, lightweight, servers and 
websites ...)
+       TODO: check
+CVE-2026-50552 (Koel is a free, open-source music streaming solution. Prior to 
version ...)
+       TODO: check
+CVE-2026-50287 (AgenticMail gives AI agents real email addresses and phone 
numbers. Pr ...)
+       TODO: check
+CVE-2026-4870 (IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to 
trigger ...)
+       TODO: check
+CVE-2026-49397 (Nezha Monitoring is a self-hostable, lightweight, servers and 
websites ...)
+       TODO: check
+CVE-2026-49396 (Nezha Monitoring is a self-hostable, lightweight, servers and 
websites ...)
+       TODO: check
+CVE-2026-48119 (Nezha Monitoring is a self-hostable, lightweight, servers and 
websites ...)
+       TODO: check
+CVE-2026-47268 (Nezha Monitoring is a self-hostable, lightweight, servers and 
websites ...)
+       TODO: check
+CVE-2026-47264 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-47263 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-47260 (Koel is a free, open-source music streaming solution. Prior to 
version ...)
+       TODO: check
+CVE-2026-47124 (Nezha Monitoring is a self-hostable, lightweight, servers and 
websites ...)
+       TODO: check
+CVE-2026-47120 (Nezha Monitoring is a self-hostable, lightweight, servers and 
websites ...)
+       TODO: check
+CVE-2026-46717 (Nezha Monitoring is a self-hostable, lightweight, servers and 
websites ...)
+       TODO: check
+CVE-2026-46716 (Nezha Monitoring is a self-hostable, lightweight, servers and 
websites ...)
+       TODO: check
+CVE-2026-45775 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-45085 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-45014 (ApostropheCMS is an open-source Node.js content management 
system. Ver ...)
+       TODO: check
+CVE-2026-45013 (ApostropheCMS is an open-source Node.js content management 
system. Ver ...)
+       TODO: check
+CVE-2026-45012 (ApostropheCMS is an open-source Node.js content management 
system. Ver ...)
+       TODO: check
+CVE-2026-45011 (ApostropheCMS is an open-source Node.js content management 
system. Ver ...)
+       TODO: check
+CVE-2026-44990 (ApostropheCMS is an open-source Node.js content management 
system, and ...)
+       TODO: check
+CVE-2026-44786 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-44785 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-44784 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-44783 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-44782 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-44780 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-44779 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-43872 (Actual is an open-source personal finance application. Prior 
to versio ...)
+       TODO: check
+CVE-2026-42890 (Actual is an open-source personal finance application. In the 
macOS de ...)
+       TODO: check
+CVE-2026-42853 (ApostropheCMS is an open-source Node.js content management 
system. Ver ...)
+       TODO: check
+CVE-2026-42851 (Kitty is a cross-platform GPU based terminal. In versions 
prior to 0.4 ...)
+       TODO: check
+CVE-2026-42850 (Kitty is a cross-platform GPU based terminal. In versions 
prior to 0.4 ...)
+       TODO: check
+CVE-2026-42604 (Actual is a local-first personal finance tool. The `POST 
/openid/confi ...)
+       TODO: check
+CVE-2026-41158 (Software installed and run as a non-privileged user may 
conduct GPU sy ...)
+       TODO: check
+CVE-2026-41157 (A web page that contains unusual WebGPU content loaded into 
the GPU GL ...)
+       TODO: check
+CVE-2026-41155 (An attacker could cooperatively pass data from one secure GPU 
process  ...)
+       TODO: check
+CVE-2026-34195 (Software installed and run as a non-privileged user may 
conduct intent ...)
+       TODO: check
+CVE-2026-24618 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+       TODO: check
+CVE-2026-12131 (A weakness has been identified in CodeAstro Human Resource 
Management  ...)
+       TODO: check
+CVE-2026-12130 (A security flaw has been discovered in CodeAstro Human 
Resource Manage ...)
+       TODO: check
+CVE-2026-12129 (A vulnerability was identified in CodeAstro Human Resource 
Management  ...)
+       TODO: check
+CVE-2026-12089 (The LWS Optimize \u2013 All-in-One Speed Booster & Cache Tools 
plugin  ...)
+       TODO: check
+CVE-2026-12068 (Information disclosure vulnerability in Avira Password Manager 
when us ...)
+       TODO: check
+CVE-2026-11769 (We have released version 5.24.0 of the Grafana Operator. This 
patch in ...)
+       TODO: check
+CVE-2026-11443 (Allegra downloadAttachment Cross-Site Scripting Authentication 
Bypass  ...)
+       TODO: check
+CVE-2026-11442 (Allegra exportReport Directory Traversal Information 
Disclosure Vulner ...)
+       TODO: check
+CVE-2025-9033 (Heap buffer out-of-bounds read vulnerability in Avira Antivirus 
engine ...)
+       TODO: check
+CVE-2025-9032 (Heap buffer out-of-bounds read vulnerability in Avira Antivirus 
engine ...)
+       TODO: check
+CVE-2025-7019 (Stack overflow vulnerability in Avast Antivirus when scanning a 
malfor ...)
+       TODO: check
+CVE-2025-7018 (Null pointer dereference vulnerability in Avira Antivirus 
engine when  ...)
+       TODO: check
+CVE-2025-7017 (Heap buffer out-of-bounds read vulnerability in Avira Antivirus 
engine ...)
+       TODO: check
+CVE-2025-7011 (Heap out-of-bounds read vulnerability in Avast Antivirus when 
scanning ...)
+       TODO: check
+CVE-2025-7010 (Stack overflow vulnerability due to uncontrolled recursion in 
Avast An ...)
+       TODO: check
+CVE-2025-7009 (Heap buffer out-of-bounds read vulnerability in Avast Antivirus 
when s ...)
+       TODO: check
+CVE-2025-7008 (Heap buffer out-of-bounds read vulnerability in Avast Antivirus 
when s ...)
+       TODO: check
+CVE-2025-7006 (Use of stack memory after free vulnerability in Avast Antivirus 
when s ...)
+       TODO: check
+CVE-2025-7005 (Uncontrolled recursion vulnerability in Avast Antivirus when 
scanning  ...)
+       TODO: check
+CVE-2025-7004 (Heap buffer out-of-bounds write vulnerability in Avast 
Antivirus when  ...)
+       TODO: check
+CVE-2025-7003 (Heap buffer out-of-bounds read vulnerability in Avira Antivirus 
engine ...)
+       TODO: check
+CVE-2025-7002 (Heap buffer out-of-bounds read vulnerability in Avira Antivirus 
engine ...)
+       TODO: check
+CVE-2025-14098 (Heap buffer out-of-bounds write vulnerability due to integer 
overflow  ...)
+       TODO: check
 CVE-2026-XXXX [RUSTSEC-2026-0172]
        - rust-diesel <unfixed> (bug #1139877)
        [trixie] - rust-diesel <no-dsa> (Minor issue)
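
Review bot: The added Avast and Avira Antivirus entries in this hunk (CVE-2026-6676, CVE-2025-9032, CVE-2025-9033, and CVE-2025-7002 through CVE-2025-7019) are left at `TODO: check`, while the Avast entries already in the list (CVE-2025-8351, CVE-2025-10101 further down this diff) are triaged as `NOT-FOR-US`. These can be triaged the same way in a follow-up instead of sitting in the TODO queue. Separately, several added descriptions carry literal `\u2013` and `\u2019` escape sequences (CVE-2026-9109, CVE-2026-54398, CVE-2026-54397, CVE-2026-54360, CVE-2026-12089); if the list is expected to hold decoded text, the importer should unescape these before writing.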
@@ -102322,7 +102560,7 @@ CVE-2024-51999
        REJECTED
 CVE-2024-45675 (IBM Informix Dynamic Server 14.10 could allow a local user on 
the syst ...)
        NOT-FOR-US: IBM
-CVE-2025-8351 (Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in 
Avast  ...)
+CVE-2025-8351 (Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in 
Avira  ...)
        NOT-FOR-US: Avast Antivirus on MacOS
 CVE-2025-8045 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel 
Driver, Arm ...)
        NOT-FOR-US: ARM
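
Review bot: The unchanged note `NOT-FOR-US: Avast Antivirus on MacOS` under CVE-2025-8351 no longer matches the updated description, which now names Avira instead of Avast. The automatic update only rewrites the description line, so the note needs a manual follow-up to name the product the description now refers to.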
@@ -102514,7 +102752,7 @@ CVE-2025-11772 (A carefully crafted DLL, copied to   
C:\ProgramData\Synaptics
        NOT-FOR-US: Synaptics
 CVE-2025-11699 (nopCommerce v4.70 and prior, and version 4.80.3, does not 
invalidate s ...)
        NOT-FOR-US: nopCommerce
-CVE-2025-10101 (Heap-based Buffer Overflow, Out-of-bounds Write vulnerability 
in Avast ...)
+CVE-2025-10101 (Heap buffer out-of-bounds read vulnerability in Avast 
Antivirus when s ...)
        NOT-FOR-US: Avast Antivirus
 CVE-2024-56089 (An issue in Technitium through v13.2.2 enables attackers to 
conduct a  ...)
        NOT-FOR-US: Technitium
@@ -607178,7 +607416,7 @@ CVE-2020-2523
 CVE-2020-2522 (Vulnerability in the Oracle Knowledge product of Oracle 
Knowledge (com ...)
        NOT-FOR-US: Oracle
 CVE-2020-2521
-       RESERVED
+       REJECTED
 CVE-2020-2520
        RESERVED
 CVE-2020-2519 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/156ae47201bdd1207d905f6fc16841c2ed093c50
