Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
10766888 by security tracker role at 2026-06-16T07:13:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,28 +1,626 @@
+CVE-2026-9691 (Unauthenticated PHP Object Injection in Integration for 
ActiveCampaign ...)
+       TODO: check
+CVE-2026-9262 (Use of a non-secure protocol as the default FTP configuration 
in Canon ...)
+       TODO: check
+CVE-2026-9261 (Use of weak SSH cryptographic algorithms in Canon EOS Network 
Setting  ...)
+       TODO: check
+CVE-2026-9260 (Use of hard-coded cryptographic keys in Canon EOS Network 
Setting Tool ...)
+       TODO: check
+CVE-2026-9259 (Improper validation of server certificates in Canon EOS Network 
Settin ...)
+       TODO: check
+CVE-2026-9258 (Improper validation of SSH host keys in Canon EOS Network 
Setting Tool ...)
+       TODO: check
+CVE-2026-9187 (The Abandoned Contact Form 7 plugin for WordPress is vulnerable 
to una ...)
+       TODO: check
+CVE-2026-8443 (The WP Review Slider Pro plugin for WordPress is vulnerable to 
SQL Inj ...)
+       TODO: check
+CVE-2026-7273 (A stack-based buffer overflow vulnerability in the CGI program 
of Zyxe ...)
+       TODO: check
+CVE-2026-6964 (The Video Conferencing with Zoom plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2026-6933 (The Premmerce Dev Tools plugin for WordPress is vulnerable to 
Remote C ...)
+       TODO: check
+CVE-2026-5149 (The RTMKit plugin for WordPress is vulnerable to Incorrect 
Authorizati ...)
+       TODO: check
+CVE-2026-5064 (Potential security vulnerabilities have been identified in the 
HP One  ...)
+       TODO: check
+CVE-2026-54444
+       REJECTED
+CVE-2026-54296
+       REJECTED
+CVE-2026-54295
+       REJECTED
+CVE-2026-54294
+       REJECTED
+CVE-2026-54292
+       REJECTED
+CVE-2026-53430 (Improper Handling of Highly Compressed Data (Data 
Amplification) vulne ...)
+       TODO: check
+CVE-2026-52722 (A signed integer overflow vulnerability was found in 
GStreamer's VMnc  ...)
+       TODO: check
+CVE-2026-52721 (Multiple out-of-bounds read vulnerabilities were found in 
GStreamer's  ...)
+       TODO: check
+CVE-2026-52720 (A heap buffer overflow vulnerability was found in GStreamer's 
librfb ( ...)
+       TODO: check
+CVE-2026-52703 (Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.)
+       TODO: check
+CVE-2026-52702 (Unauthenticated Cross Site Scripting (XSS) in SEO Redirection 
<= 9.17  ...)
+       TODO: check
+CVE-2026-52700 (Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.)
+       TODO: check
+CVE-2026-52699 (Unauthenticated Insecure Direct Object References (IDOR) in 
VikRentCar ...)
+       TODO: check
+CVE-2026-52697 (Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.)
+       TODO: check
+CVE-2026-52695 (Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout 
<= 1.8. ...)
+       TODO: check
+CVE-2026-52694 (Unauthenticated Sensitive Data Exposure in Signature Add-On 
for WooCom ...)
+       TODO: check
+CVE-2026-52693 (Unauthenticated SQL Injection in eCommerce Product Catalog <= 
3.5.5 ve ...)
+       TODO: check
+CVE-2026-52692 (Unauthenticated Sensitive Data Exposure in Affiliates Manager 
<= 2.9.5 ...)
+       TODO: check
+CVE-2026-50892 (Incorrect access control in the "Let's Encrypt" certificate 
download e ...)
+       TODO: check
+CVE-2026-50891 (Incorrect access control in the /admin/api/config component of 
Filesta ...)
+       TODO: check
+CVE-2026-50890 (Bernd Bestel grocy v4.6.0 was discovered to contain a SQL 
injection vu ...)
+       TODO: check
+CVE-2026-50889 (An input handling flaw in the HTTP refresh token process of 
LLDAP v0.6 ...)
+       TODO: check
+CVE-2026-50888 (An authenticated Server-Side Request Forgery (SSRF) in the 
custom scra ...)
+       TODO: check
+CVE-2026-50887 (A Server-Side Request Forgery (SSRF) in the automatic short 
URL title  ...)
+       TODO: check
+CVE-2026-50886 (Incorrect access control in the webhook management component 
of Projec ...)
+       TODO: check
+CVE-2026-50885 (Incorrect access control in the share-based read endpoints of 
Sismics  ...)
+       TODO: check
+CVE-2026-50884 (Incorrect access control in statping-ng v0.93.0 allows 
attackers to es ...)
+       TODO: check
+CVE-2026-50883 (An HTML injection vulnerability in the /src/highlight.rs 
component of  ...)
+       TODO: check
+CVE-2026-50882 (An issue in the /api/v0/pastes endpoint of anna-is-cute paste 
v0.1.1 a ...)
+       TODO: check
+CVE-2026-50881 (Incorrect access control in the impworks Bonsai v6.0 allows 
authentica ...)
+       TODO: check
+CVE-2026-50880 (An issue in the sendmail transport integration component of 
YouTransfe ...)
+       TODO: check
+CVE-2026-50879 (An issue in the uploadPostHandler component of Andrei Marcu 
linx-serve ...)
+       TODO: check
+CVE-2026-50878 (An issue in the attachment handling component of Feuerhamster 
MailForm ...)
+       TODO: check
+CVE-2026-50877 (An issue in Zhoros SuperBin v1.0.0 allows attackers to execute 
a direc ...)
+       TODO: check
+CVE-2026-50876 (A cross-site scripting (XSS) vulnerability in Deck9 Input 
v2.0.1 allow ...)
+       TODO: check
+CVE-2026-50875 (Incorrect access control in the /{form}/webhooks/{webhook} 
endpoint of ...)
+       TODO: check
+CVE-2026-50874 (An OS command injection vulnerability in the 
/manage/features/media co ...)
+       TODO: check
+CVE-2026-50873 (An arbitrary file upload vulnerability in the attachment 
handling comp ...)
+       TODO: check
+CVE-2026-50872 (An issue in the loopback request handling component of fossar 
selfoss  ...)
+       TODO: check
+CVE-2026-50871 (An OS command injection vulnerability in the media archiving 
and expor ...)
+       TODO: check
+CVE-2026-50870 (An information disclosure vulnerability in the configuration 
endpoint  ...)
+       TODO: check
+CVE-2026-50869 (An issue in the api/plugin.php component of Bludit v3.19.0 
allows atta ...)
+       TODO: check
+CVE-2026-50255 (Incorrect default permissions issue exists in Optical Disc 
Archive Sof ...)
+       TODO: check
+CVE-2026-49954 (Discuz! X5.0 releases 20260320 through 20260610 contain a 
local file i ...)
+       TODO: check
+CVE-2026-49953 (Discuz! X5.0 releases 20260320 through 20260610 contains a 
CAPTCHA byp ...)
+       TODO: check
+CVE-2026-49952 (Discuz! X5.0 releases 20260320 through 20260501 contains an 
authentica ...)
+       TODO: check
+CVE-2026-49781 (Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 
versions.)
+       TODO: check
+CVE-2026-49780 (Customer Privilege Escalation in Dokan <= 5.0.2 versions.)
+       TODO: check
+CVE-2026-49776 (Unauthenticated SQL Injection in GPTranslate \u2013 
Multilingual AI Tr ...)
+       TODO: check
+CVE-2026-49775 (Unauthenticated Broken Access Control in Welcart e-Commerce <= 
2.11.28 ...)
+       TODO: check
+CVE-2026-49773 (Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video 
Player <  ...)
+       TODO: check
+CVE-2026-49770 (Unauthenticated PHP Object Injection in WP Travel Engine <= 
6.7.12 ver ...)
+       TODO: check
+CVE-2026-49769 (Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 
versions ...)
+       TODO: check
+CVE-2026-49768 (Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 
versions ...)
+       TODO: check
+CVE-2026-49766 (Subscriber Arbitrary File Deletion in WP User Manager <= 
2.9.16 versio ...)
+       TODO: check
+CVE-2026-49765 (Unauthenticated PHP Object Injection in Integration for 
Mailchimp and  ...)
+       TODO: check
+CVE-2026-49764 (Unauthenticated Broken Authentication in RegistrationMagic <= 
6.0.8.6  ...)
+       TODO: check
+CVE-2026-49763 (Unauthenticated PHP Object Injection in Integration for 
Contact Form 7 ...)
+       TODO: check
+CVE-2026-49112 (Unauthenticated Path Traversal in Shared Files <= 1.7.64 
versions.)
+       TODO: check
+CVE-2026-49110 (Unauthenticated Broken Authentication in Upsell Order Bump 
Offer for W ...)
+       TODO: check
+CVE-2026-49109 (Unauthenticated PHP Object Injection in Integration for 
Salesforce and ...)
+       TODO: check
+CVE-2026-49106 (Unauthenticated PHP Object Injection in Integration for 
Contact Form 7 ...)
+       TODO: check
+CVE-2026-49105 (Unauthenticated PHP Object Injection in WP Zendesk for Contact 
Form 7, ...)
+       TODO: check
+CVE-2026-49104 (Unauthenticated PHP Object Injection in Integration for 
Keap/infusions ...)
+       TODO: check
+CVE-2026-49085 (Unauthenticated PHP Object Injection in WP Insightly for 
Contact Form  ...)
+       TODO: check
+CVE-2026-49083 (Contributor Privilege Escalation in LatePoint <= 5.5.1 
versions.)
+       TODO: check
+CVE-2026-49082 (Subscriber Sensitive Data Exposure in Chatway Live Chat 
&#8211; AI Cha ...)
+       TODO: check
+CVE-2026-49078 (Unauthenticated Other Vulnerability Type in WP Travel Engine 
<= 6.7.10 ...)
+       TODO: check
+CVE-2026-49070 (Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 
versions.)
+       TODO: check
+CVE-2026-49068 (Subscriber Sensitive Data Exposure in Coupon Affiliates <= 
7.8.1 versi ...)
+       TODO: check
+CVE-2026-49067 (Unauthenticated SQL Injection in Advanced 301 and 302 Redirect 
<= 1.6. ...)
+       TODO: check
+CVE-2026-49066 (Unauthenticated Sensitive Data Exposure in Conekta Payment 
Gateway <=  ...)
+       TODO: check
+CVE-2026-49065 (Unauthenticated Broken Access Control in Hippoo Mobile App for 
WooComm ...)
+       TODO: check
+CVE-2026-49063 (Unauthenticated Privilege Escalation in Listdom <= 5.5.0 
versions.)
+       TODO: check
+CVE-2026-49061 (Unauthenticated Arbitrary File Download in WPC Product Options 
for Woo ...)
+       TODO: check
+CVE-2026-49056 (Unauthenticated Sensitive Data Exposure in WooCommerce PDF 
Invoices, P ...)
+       TODO: check
+CVE-2026-49055 (Unauthenticated Cross Site Scripting (XSS) in Drag and Drop 
Multiple F ...)
+       TODO: check
+CVE-2026-49043 (Unauthenticated Cross Site Request Forgery (CSRF) in WP 
Migrate Lite < ...)
+       TODO: check
+CVE-2026-48970 (Unauthenticated Broken Authentication in Really Simple SSL <= 
9.5.10 v ...)
+       TODO: check
+CVE-2026-48966 (Unauthenticated Cross Site Scripting (XSS) in Funnel Builder 
by Funnel ...)
+       TODO: check
+CVE-2026-48965 (Subscriber Sensitive Data Exposure in XCloner <= 4.8.6 
versions.)
+       TODO: check
+CVE-2026-48964 (Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer 
Ticketi ...)
+       TODO: check
+CVE-2026-48889 (Subscriber Privilege Escalation in Amelia <= 2.3 versions.)
+       TODO: check
+CVE-2026-48887 (Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9 
version ...)
+       TODO: check
+CVE-2026-48886 (Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 
versions.)
+       TODO: check
+CVE-2026-48885 (Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 
2.3.10.1 ve ...)
+       TODO: check
+CVE-2026-48883 (Unauthenticated Broken Access Control in WPC Product Bundles 
for WooCo ...)
+       TODO: check
+CVE-2026-48882 (Subscriber SQL Injection in WP Time Slots Booking Form <= 
1.2.50 versi ...)
+       TODO: check
+CVE-2026-48881 (Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 
versions.)
+       TODO: check
+CVE-2026-48880 (Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 
2.5.2 versio ...)
+       TODO: check
+CVE-2026-48878 (Subscriber Sensitive Data Exposure in Visual Link Preview <= 
2.4.1 ver ...)
+       TODO: check
+CVE-2026-48876 (Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 
2026.3  ...)
+       TODO: check
+CVE-2026-48874 (Subscriber SQL Injection in GamiPress <= 7.8.7 versions.)
+       TODO: check
+CVE-2026-48873 (Unauthenticated Broken Access Control in Montonio for 
WooCommerce <= 1 ...)
+       TODO: check
+CVE-2026-48872 (Unauthenticated Sensitive Data Exposure in EmbedPress <= 4.5.2 
version ...)
+       TODO: check
+CVE-2026-48871 (Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 
5.1.3 vers ...)
+       TODO: check
+CVE-2026-48870 (Subscriber Cross Site Scripting (XSS) in King Addons for 
Elementor <=  ...)
+       TODO: check
+CVE-2026-48868 (Unauthenticated Insecure Direct Object References (IDOR) in 
Simple Sho ...)
+       TODO: check
+CVE-2026-48867 (Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey 
Master < ...)
+       TODO: check
+CVE-2026-48854 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
+       TODO: check
+CVE-2026-48853 (Deserialization of Untrusted Data and Allocation of Resources 
Without  ...)
+       TODO: check
+CVE-2026-48838 (Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 
3.6.2 versi ...)
+       TODO: check
+CVE-2026-48836 (Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 
2.1.19  ...)
+       TODO: check
+CVE-2026-48835 (Unauthenticated Broken Access Control in Contact Form by 
WPForms <= 1. ...)
+       TODO: check
+CVE-2026-48723 (The browserstack-cypress-cli is BrowserStack's CLI which 
allows users  ...)
+       TODO: check
+CVE-2026-48714 (i18next-http-middleware is a middleware to be used with 
Node.js web fr ...)
+       TODO: check
+CVE-2026-48713 (Versions prior to 2.6.6 are vulnerable to prototype pollution 
via craf ...)
+       TODO: check
+CVE-2026-48709 (OliveTin gives access to predefined shell commands from a web 
interfac ...)
+       TODO: check
+CVE-2026-48708 (OliveTin gives access to predefined shell commands from a web 
interfac ...)
+       TODO: check
+CVE-2026-48599 (Authorization Bypass Through User-Controlled Key vulnerability 
in elix ...)
+       TODO: check
+CVE-2026-48518 (MultiJuicer is used to run separate Juice Shop instances on a 
central  ...)
+       TODO: check
+CVE-2026-48157 (Slim is a PHP micro framework that enables users to write 
simple web a ...)
+       TODO: check
+CVE-2026-48124 (Cursor is a code editor built for programming with AI. In 
versions pri ...)
+       TODO: check
+CVE-2026-48114 (Metacat is data repository software that helps researchers 
preserve, s ...)
+       TODO: check
+CVE-2026-48017 (DbGate is cross-platform database manager. In versions 7.1.8 
and prior ...)
+       TODO: check
+CVE-2026-47835 (In Spring AI Vector Stores, special characters could be used 
to force  ...)
+       TODO: check
+CVE-2026-47825 (Spring Cloud Gateway Server forwards the X-Forwarded-For and 
Forwarded ...)
+       TODO: check
+CVE-2026-47261 (Wasmtime is a runtime for WebAssembly. In versions prior to 
24.0.9, 36 ...)
+       TODO: check
+CVE-2026-45441 (Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 
version ...)
+       TODO: check
+CVE-2026-45439 (Unauthenticated SQL Injection in Realtyna Organic IDX plugin 
<= 5.1.0  ...)
+       TODO: check
+CVE-2026-45437 (Unauthenticated Cross Site Scripting (XSS) in Product Filter 
Widget fo ...)
+       TODO: check
+CVE-2026-45390 (In OCaml-tar before 3.4.0, a crafted archive with ../ path 
segments in ...)
+       TODO: check
+CVE-2026-45389 (In OCaml-TLS before 2.1.0, the server implementation does 
insufficient ...)
+       TODO: check
+CVE-2026-45388 (In OCaml-TLS before 2.1.0, the client implementation does 
insufficient ...)
+       TODO: check
+CVE-2026-42775 (Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 
5.7.2 ver ...)
+       TODO: check
+CVE-2026-42752 (Unauthenticated Bypass Vulnerability in Stripe Payments <= 
2.0.98 vers ...)
+       TODO: check
+CVE-2026-42743 (Unauthenticated Broken Authentication in Masteriyo - LMS <= 
2.1.8 vers ...)
+       TODO: check
+CVE-2026-42688 (Subscriber Cross Site Scripting (XSS) in Modula Image Gallery 
<= 2.14. ...)
+       TODO: check
+CVE-2026-42687 (Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 
versions ...)
+       TODO: check
+CVE-2026-42686 (Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 
version ...)
+       TODO: check
+CVE-2026-42668 (Unauthenticated Broken Authentication in Email Marketing for 
WooCommer ...)
+       TODO: check
+CVE-2026-42667 (Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 
versions.)
+       TODO: check
+CVE-2026-42666 (Unauthenticated Broken Access Control in Salon booking system 
<= 10.30 ...)
+       TODO: check
+CVE-2026-42665 (Unauthenticated SQL Injection in WP Data Access <= 5.5.70 
versions.)
+       TODO: check
+CVE-2026-42664 (Unauthenticated Broken Access Control in AI Product Search for 
WooComm ...)
+       TODO: check
+CVE-2026-42663 (Unauthenticated Cross Site Scripting (XSS) in Simple 
Membership <= 4.7 ...)
+       TODO: check
+CVE-2026-42662 (Unauthenticated Bypass Vulnerability in Event Tickets <= 
5.27.5 versio ...)
+       TODO: check
+CVE-2026-42661 (Custom role Path Traversal in WP Customer Area <= 8.3.4 
versions.)
+       TODO: check
+CVE-2026-42660 (Subscriber Sensitive Data Exposure in Contest Gallery <= 
28.1.7 versio ...)
+       TODO: check
+CVE-2026-42659 (Subscriber Broken Access Control in Advanced Form Integration 
<= 1.126 ...)
+       TODO: check
+CVE-2026-42658 (Unauthenticated Cross Site Scripting (XSS) in Classified 
Listing <= 5. ...)
+       TODO: check
+CVE-2026-42657 (Unauthenticated Other Vulnerability Type in Contest Gallery <= 
28.1.7  ...)
+       TODO: check
+CVE-2026-42656 (Subscriber Cross Site Scripting (XSS) in Contest Gallery <= 
28.1.6 ver ...)
+       TODO: check
+CVE-2026-42655 (Unauthenticated Bypass Vulnerability in Best Payments Plugin 
for WP <= ...)
+       TODO: check
+CVE-2026-42651 (Subscriber Broken Access Control in Classified Listing <= 
5.3.9 versio ...)
+       TODO: check
+CVE-2026-42650 (Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 
5.6.7 ver ...)
+       TODO: check
+CVE-2026-42649 (Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator 
<= 1.2.1 ...)
+       TODO: check
+CVE-2026-42640 (Unauthenticated Broken Access Control in Classified Listing <= 
5.3.8 v ...)
+       TODO: check
+CVE-2026-42639 (Unauthenticated SQL Injection in GD Rating System <= 3.6.2 
versions.)
+       TODO: check
+CVE-2026-42411 (Unauthenticated Broken Authentication in CloudSecure WP 
Security <= 1. ...)
+       TODO: check
+CVE-2026-42386 (Unauthenticated SQL Injection in Order Delivery Date for 
WooCommerce < ...)
+       TODO: check
+CVE-2026-42384 (Unauthenticated Sensitive Data Exposure in Simply Schedule 
Appointment ...)
+       TODO: check
+CVE-2026-42381 (Unauthenticated SQL Injection in Funnel Builder by FunnelKit 
<= 3.15.0 ...)
+       TODO: check
+CVE-2026-42378 (Subscriber Broken Authentication in WP Full Stripe Free <= 
8.4.1 versi ...)
+       TODO: check
+CVE-2026-41708 (In Spring Cloud Sleuth, it is possible for a user to provide 
specially ...)
+       TODO: check
+CVE-2026-41556 (Subscriber Cross Site Scripting (XSS) in ProfilePress <= 
4.16.13 versi ...)
+       TODO: check
+CVE-2026-40799 (Unauthenticated Broken Authentication in Simple Cloudflare 
Turnstile < ...)
+       TODO: check
+CVE-2026-40798 (Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 
versions.)
+       TODO: check
+CVE-2026-40796 (Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9 
versions.)
+       TODO: check
+CVE-2026-40795 (Subscriber Broken Access Control in Amelia <= 2.2 versions.)
+       TODO: check
+CVE-2026-40794 (Subscriber Broken Access Control in myCred <= 3.0.3 versions.)
+       TODO: check
+CVE-2026-40793 (Subscriber Broken Access Control in Groundhogg < 4.4.1 
versions.)
+       TODO: check
+CVE-2026-40792 (Subscriber Insecure Direct Object References (IDOR) in 
KiviCare <= 4.2 ...)
+       TODO: check
+CVE-2026-40791 (Unauthenticated Cross Site Scripting (XSS) in WP Time Slots 
Booking Fo ...)
+       TODO: check
+CVE-2026-40790 (Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 
versions.)
+       TODO: check
+CVE-2026-40789 (Unauthenticated Sensitive Data Exposure in Amelia <= 2.2 
versions.)
+       TODO: check
+CVE-2026-40788 (Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.)
+       TODO: check
+CVE-2026-40787 (Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey 
Master < ...)
+       TODO: check
+CVE-2026-40785 (Subscriber Broken Authentication in AutomatorWP <= 5.6.7 
versions.)
+       TODO: check
+CVE-2026-40782 (Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 
versions.)
+       TODO: check
+CVE-2026-40781 (Unauthenticated Broken Authentication in ReviewX <= 2.3.6 
versions.)
+       TODO: check
+CVE-2026-40779 (Contributor Arbitrary File Deletion in Link Library <= 7.8.8 
versions.)
+       TODO: check
+CVE-2026-40776 (Unauthenticated Broken Access Control in WP Event SOlution <= 
4.1.8 ve ...)
+       TODO: check
+CVE-2026-40775 (Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 
versions.)
+       TODO: check
+CVE-2026-40774 (Unauthenticated Broken Access Control in Booking Package <= 
1.7.06 ver ...)
+       TODO: check
+CVE-2026-40773 (Subscriber Broken Access Control in rtMedia for WordPress, 
BuddyPress  ...)
+       TODO: check
+CVE-2026-40772 (Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 
versions.)
+       TODO: check
+CVE-2026-40771 (Unauthenticated SQL Injection in Contest Gallery <= 28.1.6 
versions.)
+       TODO: check
+CVE-2026-40770 (Unauthenticated Cross Site Scripting (XSS) in Coupon 
Affiliates <= 7.5 ...)
+       TODO: check
+CVE-2026-40769 (Unauthenticated Arbitrary File Deletion in Contact Form 
Extender for D ...)
+       TODO: check
+CVE-2026-40767 (Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 
versions ...)
+       TODO: check
+CVE-2026-40766 (Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 
versions.)
+       TODO: check
+CVE-2026-40762 (Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.)
+       TODO: check
+CVE-2026-40743 (Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 
versions.)
+       TODO: check
+CVE-2026-40741 (Unauthenticated Broken Access Control in Redsys for 
WooCommerce Light  ...)
+       TODO: check
+CVE-2026-40732 (Unauthenticated Cross Site Scripting (XSS) in Notification for 
Telegra ...)
+       TODO: check
+CVE-2026-40727 (Sales Representative Arbitrary File Deletion in Groundhogg <= 
4.4 vers ...)
+       TODO: check
+CVE-2026-39594 (Subscriber Broken Access Control in Ultra Addons for WPForms 
<= 1.0.11 ...)
+       TODO: check
+CVE-2026-39591 (Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 
4.0.0 vers ...)
+       TODO: check
+CVE-2026-39587 (Unauthenticated Privilege Escalation in WP BASE Booking <= 
5.9.0 versi ...)
+       TODO: check
+CVE-2026-39584 (Subscriber Broken Access Control in RepairBuddy <= 4.1132 
versions.)
+       TODO: check
+CVE-2026-39583 (Unauthenticated Privilege Escalation in Datalogics Ecommerce 
Delivery  ...)
+       TODO: check
+CVE-2026-39579 (Contributor Privilege Escalation in B Blocks <= 2.0.31 
versions.)
+       TODO: check
+CVE-2026-39540 (Subscriber Cross Site Scripting (XSS) in Shipment Tracker for 
Woocomme ...)
+       TODO: check
+CVE-2026-39534 (Unauthenticated Broken Access Control in WP Directory Kit <= 
1.5.0 ver ...)
+       TODO: check
+CVE-2026-39533 (Unauthenticated Broken Access Control in AWP Classifieds <= 
4.4.4 vers ...)
+       TODO: check
+CVE-2026-39532 (Contributor PHP Object Injection in Events Calendar for 
GeoDirectory < ...)
+       TODO: check
+CVE-2026-39530 (Unauthenticated SQL Injection in SpeakOut! Email Petitions <= 
4.6.5 ve ...)
+       TODO: check
+CVE-2026-39527 (Subscriber Arbitrary File Upload in WpStream < 4.11.2 
versions.)
+       TODO: check
+CVE-2026-39525 (Unauthenticated Broken Access Control in Booking Activities <= 
1.16.48 ...)
+       TODO: check
+CVE-2026-39524 (Unauthenticated Broken Access Control in Masteriyo - LMS <= 
2.1.5 vers ...)
+       TODO: check
+CVE-2026-39519 (Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions.)
+       TODO: check
+CVE-2026-39518 (Subscriber Insecure Direct Object References (IDOR) in 
EventPrime <= 4 ...)
+       TODO: check
+CVE-2026-39515 (Subscriber Broken Access Control in Motors < 1.4.107 versions.)
+       TODO: check
+CVE-2026-39514 (Unauthenticated Cross Site Scripting (XSS) in Paid Member 
Subscription ...)
+       TODO: check
+CVE-2026-39513 (Unauthenticated Broken Access Control in Easy Appointments <= 
3.12.21  ...)
+       TODO: check
+CVE-2026-39512 (Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 
versions.)
+       TODO: check
+CVE-2026-39511 (Unauthenticated SQL Injection in WP Photo Album Plus <= 
9.1.08.001 ver ...)
+       TODO: check
+CVE-2026-39507 (Unauthenticated Cross Site Scripting (XSS) in Social Slider 
Feed <= 2. ...)
+       TODO: check
+CVE-2026-39503 (Unauthenticated Broken Access Control in Easy Digital 
Downloads <= 3.6 ...)
+       TODO: check
+CVE-2026-39502 (Unauthenticated SQL Injection in Form Maker by 10Web <= 
1.15.38 versio ...)
+       TODO: check
+CVE-2026-39499 (Shop manager PHP Object Injection in Advanced Product Fields 
(Product  ...)
+       TODO: check
+CVE-2026-39498 (Shop manager PHP Object Injection in YayMail <= 4.3.3 
versions.)
+       TODO: check
+CVE-2026-39493 (Unauthenticated SQL Injection in Simply Schedule Appointments 
<= 1.6.9 ...)
+       TODO: check
+CVE-2026-39492 (Unauthenticated SQL Injection in WP Maps <= 4.9.1 versions.)
+       TODO: check
+CVE-2026-39491 (Subscriber Cross Site Scripting (XSS) in JupiterX Core <= 
4.14.1 versi ...)
+       TODO: check
+CVE-2026-39489 (Author Arbitrary File Download in Download Monitor <= 5.1.9 
versions.)
+       TODO: check
+CVE-2026-39481 (Author PHP Object Injection in Modula Image Gallery <= 2.14.18 
version ...)
+       TODO: check
+CVE-2026-39480 (Unauthenticated Sensitive Data Exposure in Backup Migration <= 
2.1.1 v ...)
+       TODO: check
+CVE-2026-39478 (Contributor PHP Object Injection in Anti-Malware Security and 
Brute-Fo ...)
+       TODO: check
+CVE-2026-39474 (Contributor PHP Object Injection in Post Duplicator <= 3.0.10 
versions ...)
+       TODO: check
+CVE-2026-39472 (Shop manager PHP Object Injection in WooCommerce PDF Invoices 
& Packin ...)
+       TODO: check
+CVE-2026-39471 (Author PHP Object Injection in ShortPixel Image Optimizer <= 
6.4.3 ver ...)
+       TODO: check
+CVE-2026-39470 (Shop manager Privilege Escalation in WooCommerce Cart 
Abandonment Reco ...)
+       TODO: check
+CVE-2026-39468 (Contributor Arbitrary File Deletion in Meta Box \u2013 
WordPress Custo ...)
+       TODO: check
+CVE-2026-39465 (Editor Remote Code Execution (RCE) in Responsive Slider by 
MetaSlider  ...)
+       TODO: check
+CVE-2026-39463 (Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker 
<= 4.9.3 ...)
+       TODO: check
+CVE-2026-39451 (Unauthenticated Cross Site Scripting (XSS) in WP Google Review 
Slider  ...)
+       TODO: check
+CVE-2026-39450 (Subscriber Broken Authentication in FunnelKit Automations <= 
3.7.3 ver ...)
+       TODO: check
+CVE-2026-39449 (Unauthenticated Cross Site Scripting (XSS) in Contact Form to 
Any API  ...)
+       TODO: check
+CVE-2026-39447 (Unauthenticated Cross Site Scripting (XSS) in Simply Schedule 
Appointm ...)
+       TODO: check
+CVE-2026-39441 (Unauthenticated SQL Injection in Feed KuantoKusta for 
WooCommerce \u20 ...)
+       TODO: check
+CVE-2026-39435 (Unauthenticated Cross Site Scripting (XSS) in CformsII <= 
15.1.3 versi ...)
+       TODO: check
+CVE-2026-39434 (Shop manager PHP Object Injection in CTX Feed <= 6.6.26 
versions.)
+       TODO: check
+CVE-2026-39197 (An issue in the /util/http/prelude.rs endpoint of Datadog, Inc 
Vector  ...)
+       TODO: check
+CVE-2026-39196 (Datadog, Inc Vector v0.54.0 was discovered to contain a SQL 
injection  ...)
+       TODO: check
+CVE-2026-39118 (An issue in Iru, Inc Kandji Agent before v.4.7.5(5374) allows 
a local  ...)
+       TODO: check
+CVE-2026-39007 (An issue in Observeinc's Observe v.2026-01-28 and before 
allows a remo ...)
+       TODO: check
+CVE-2026-39006 (An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to 
execute arb ...)
+       TODO: check
+CVE-2026-38812 (RuoYi v4.8.2 is vulnerable to SQL Injection via the 
/tool/gen/createTa ...)
+       TODO: check
+CVE-2026-38329 (Bludit CMS before version 3.18.4 allows Remote Code Execution 
(RCE) vi ...)
+       TODO: check
+CVE-2026-38065 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command 
injecti ...)
+       TODO: check
+CVE-2026-38064 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command 
injecti ...)
+       TODO: check
+CVE-2026-38063 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command 
injecti ...)
+       TODO: check
+CVE-2026-38062 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command 
injecti ...)
+       TODO: check
+CVE-2026-38061 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command 
injecti ...)
+       TODO: check
+CVE-2026-38060 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command 
injecti ...)
+       TODO: check
+CVE-2026-37216 (Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the 
interfa ...)
+       TODO: check
+CVE-2026-36933 (An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a 
physical ...)
+       TODO: check
+CVE-2026-36670 (A Time-Based Blind SQL Injection vulnerability in the 
alias_management ...)
+       TODO: check
+CVE-2026-36537 (ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass 
during  ...)
+       TODO: check
+CVE-2026-36521 (PublicCMS V5.202506.d has a Cross Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
+CVE-2026-36213 (An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a 
local att ...)
+       TODO: check
+CVE-2026-34902 (Unauthenticated Cross Site Scripting (XSS) in WooCommerce 
Product Tabl ...)
+       TODO: check
+CVE-2026-34901 (Unauthenticated Privilege Escalation in iControlWP <= 5.5.3 
versions.)
+       TODO: check
+CVE-2026-34900 (Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 
version ...)
+       TODO: check
+CVE-2026-34898 (Unauthenticated Broken Access Control in Event Tickets Manager 
for Woo ...)
+       TODO: check
+CVE-2026-34892 (Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 
versions.)
+       TODO: check
+CVE-2026-34891 (Unauthenticated Sensitive Data Exposure in IDPay Payment 
Gateway for W ...)
+       TODO: check
+CVE-2026-34886 (Unauthenticated Broken Access Control in Simple Membership <= 
4.7.1 ve ...)
+       TODO: check
+CVE-2026-30121 (remotion-dev remotion v4.0.409 was discovered to contain an 
arbitrary  ...)
+       TODO: check
+CVE-2026-30120 (remotion-dev remotion v4.0.409 was discovered to contain a 
remote code ...)
+       TODO: check
+CVE-2026-27407 (Editor Privilege Escalation in AI Engine <= 3.4.9 versions.)
+       TODO: check
+CVE-2026-27333 (Unauthenticated Deserialization of untrusted data in Paid 
Videochat Tu ...)
+       TODO: check
+CVE-2026-27089 (Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 
versions.)
+       TODO: check
+CVE-2026-27053 (Unauthenticated PHP Object Injection in Broadcast Live Video < 
7.1.3 v ...)
+       TODO: check
+CVE-2026-25440 (Unauthenticated Broken Access Control in Essential Addons for 
Elemento ...)
+       TODO: check
+CVE-2026-25425 (Unauthenticated Broken Access Control in User Registration <= 
5.1.2 ve ...)
+       TODO: check
+CVE-2026-24637 (Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 
version ...)
+       TODO: check
+CVE-2026-23970 (Unauthenticated Cross Site Scripting (XSS) in Redirection for 
Contact  ...)
+       TODO: check
+CVE-2026-12162 (Improper host validation in the social login autofill feature 
in  Devo ...)
+       TODO: check
+CVE-2026-12161 (Improper input validation in the SSH Elevate Shell feature in  
Devolut ...)
+       TODO: check
+CVE-2026-11931 (Incorrect default permissions in Kiro IDE on macOS and Linux 
before ve ...)
+       TODO: check
+CVE-2026-10780 (The Static Block plugin for WordPress is vulnerable to 
Insecure Direct ...)
+       TODO: check
+CVE-2026-10635 (On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, 
the pag ...)
+       TODO: check
+CVE-2025-70102 (A NULL pointer dereference occurs in Roy Marples 
NetworkConfiguration/ ...)
+       TODO: check
+CVE-2025-69332 (Subscriber Broken Access Control in Bookify <= 1.1.1 versions.)
+       TODO: check
+CVE-2025-68872 (Unauthenticated Cross Site Scripting (XSS) in Eli&#039;s 
WordCents adS ...)
+       TODO: check
+CVE-2025-68851 (Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 
2.3 vers ...)
+       TODO: check
+CVE-2025-68840 (Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO 
<= 1.1.2 ...)
+       TODO: check
+CVE-2025-68713 (An issue was discovered in Rakuten Send Anywhere (File 
Transfer) for A ...)
+       TODO: check
+CVE-2025-68049 (Subscriber Broken Access Control in bunny.net <= 2.3.6 
versions.)
+       TODO: check
+CVE-2025-60175 (Administrator Server Side Request Forgery (SSRF) in PopAd <= 
1.0.4 ver ...)
+       TODO: check
+CVE-2025-59133 (Custom role Insecure Direct Object References (IDOR) in 
Projectopia <= ...)
+       TODO: check
+CVE-2025-56814 (A code injection vulnerability in the wxExecute() function of 
OpenCPN  ...)
+       TODO: check
+CVE-2025-10262 (Nokia SR Linux is vulnerable to local privilege escalation 
vulnerabili ...)
+       TODO: check
 CVE-2026-XXXX [NTLM client: Avoid use-of-unitialized-value inside libntlm]
        - gsasl 2.2.4-1
        NOTE: 
https://lists.gnu.org/archive/html/help-gsasl/2026-06/msg00000.html
-CVE-2026-53704
+CVE-2026-53704 (A flaw was found in GStreamer's RealMedia demuxer in the 
gst-plugins-u ...)
        - gst-plugins-ugly1.0 1.28.4-1
        NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0042.html
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11825
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11826 
(1.28.4)
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11831 (1.26 
branch)
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11832 (1.24 
branch)
-CVE-2026-53703
+CVE-2026-53703 (A vulnerability was found in the GStreamer RealMedia demuxer 
(gst-plug ...)
        - gst-plugins-ugly1.0 1.28.4-1
        NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0042.html
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11825
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11826 
(1.28.4)
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11831 (1.26 
branch)
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11832 (1.24 
branch)
-CVE-2026-52719
+CVE-2026-52719 (An out-of-bounds read vulnerability was found in the VA JPEG 
decoder i ...)
        - gst-plugins-bad1.0 <unfixed>
        NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0040.html
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11805
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/35a7895274f5f7b38aaab9ceeec4af48e699e3ee
 (1.28.4)
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/987278d3b2c01c5bf387181a120bec5856aba82c
 (1.26 branch)
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/c5f9c5bee5f2139157c0ce0a160f0a1173b7ce94
 (1.24 branch)
-CVE-2026-52718
+CVE-2026-52718 (A denial of service vulnerability was found in GStreamer's AV1 
codec p ...)
        - gst-libav1.0 1.28.4-1
        - gst-plugins-bad1.0 <unfixed>
        - gst-plugins-good1.0 1.28.4-1
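Review bot: Several of the new `TODO: check` entries in this hunk do not read as WordPress plugin issues and need an actual package lookup before they are closed out as NOT-FOR-US: CVE-2025-70102 (Roy Marples NetworkConfiguration/ ...), CVE-2025-56814 (wxExecute() in OpenCPN) and CVE-2026-10635 (Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU). Separately, under CVE-2026-52719 and CVE-2026-52718 the gst-plugins-bad1.0 line is still `<unfixed>` while the Fixed by notes point at 1.28.4 and the sibling gst packages are recorded at 1.28.4-1, so that line should be revisited once a matching upload exists.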
@@ -40,7 +638,7 @@ CVE-2026-52717
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11820 
(1.28.4)
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11822 (1.26 
branch)
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11819 (1.24 
branch)
-CVE-2026-53705
+CVE-2026-53705 (A flaw was found in GStreamer's WavPack audio decoder in 
gst-plugins-g ...)
        - gst-plugins-good1.0 1.28.4-1
        NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0035.html
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5069
@@ -50,12 +648,12 @@ CVE-2026-53705
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e9ded43316bfe6c381a17f971c7097421a4ae201
 (1.28.4)
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/9326c636a22a678952a6cae6518465d35d441a87
 (1.28.4)
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f7cb3e0288627cce919e656584b852ac8605c922
 (1.28.4)
-CVE-2026-12087
+CVE-2026-12087 (Socket versions before 2.041 for Perl have an out-of-bounds 
heap read. ...)
        - libsocket-perl 2.041-1
        - perl <unfixed>
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41020451/
        NOTE: Fixed by: 
https://github.com/Perl/perl5/commit/de19a0b0ad1900fef976c5c1400bd8f11ec6c6cb 
(v5.43.11)
-CVE-2026-11832
+CVE-2026-11832 (Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl 
default to  ...)
        NOT-FOR-US: Dancer2::Plugin::Auth::OAuth Perl module
 CVE-2026-9863 (Fortra BoKS Manager contains an OS command injection 
vulnerability in  ...)
        NOT-FOR-US: Fortra
@@ -74,12 +672,15 @@ CVE-2026-8386 (The WP Go Maps  WordPress plugin before 
10.0.10 does not perform
 CVE-2026-8385 (The WP Go Maps  WordPress plugin before 10.0.10 does not 
properly enfo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-8358 (LibreOffice Calc can import tracked changes from a spreadsheet 
documen ...)
+       {DSA-6346-1}
        - libreoffice 4:26.2.4.2-1
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2026-8358
 CVE-2026-8357 (LibreOffice Calc compiles cell formulas when opening a 
spreadsheet. A  ...)
+       {DSA-6346-1}
        - libreoffice 4:26.2.4.2-1
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2026-8357
 CVE-2026-8356 (LibreOffice can import presentations in the legacy binary PPT 
format.  ...)
+       {DSA-6346-1}
        - libreoffice 4:26.2.4.2-1
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2026-8356
 CVE-2026-6517 (Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict 
the al ...)
@@ -90,13 +691,16 @@ CVE-2026-6047 (LibreOffice can import documents in the 
OOXML format (DOCX). A he
        [bookworm] - libreoffice <not-affected> (Vulnerable code not present)
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2026-6047
 CVE-2026-6045 (LibreOffice can import EMF+ graphics, which may be embedded in 
documen ...)
+       {DSA-6346-1}
        - libreoffice 4:26.2.3.2-2
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2026-6045
 CVE-2026-6040 (A heap use-after-free existed when importing the blank-width 
character ...)
+       {DSA-6346-1}
        - libreoffice 4:26.2.3.2-2
        [bookworm] - libreoffice <not-affected> (Vulnerable code not present)
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2026-6040
 CVE-2026-6039 (LibreOffice can import drawings in the DXF format used by CAD 
software ...)
+       {DSA-6346-1}
        - libreoffice 4:26.2.3.2-2
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2026-6039
 CVE-2026-5482 (Responsive FileManager's allows an unauthenticatedattacker to 
upload f ...)
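Review bot: CVE-2026-6040 now carries `{DSA-6346-1}` together with `[bookworm] - libreoffice <not-affected> (Vulnerable code not present)`, so for this entry the DSA reference can only apply to releases other than bookworm. Worth confirming that this matches the release scope of the DSA, since CVE-2026-6045 and CVE-2026-6039 in the same hunk get the same tag but have no bookworm line.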
@@ -209,7 +813,7 @@ CVE-2016-20067 (WordPress CP Polls 1.0.8 contains a 
cross-site request forgery v
        NOT-FOR-US: WordPress plugin
 CVE-2016-20066 (WordPress CP Polls 1.0.8 contains a persistent cross-site 
scripting vu ...)
        NOT-FOR-US: WordPress plugin
-CVE-2026-12205
+CVE-2026-12205 (Crypt::DSA versions before 1.21 for Perl reused the nonce 
across signa ...)
        - libcrypt-dsa-perl 1.21-1 (bug #1140105)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41004653/
 CVE-2026-XXXX [SSLMate go-pkcs12: Authentication bypass in Decode functions]
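Review bot: The CVE-2026-12205 entry records only `libcrypt-dsa-perl 1.21-1 (bug #1140105)` with no per-release annotation, so a triage decision for the stable releases is still missing. With DSA, two signatures made with the same nonce are enough to recover the private key, so a NOTE stating that keys used for signing with affected versions need to be regenerated would be useful; upgrading the package does not repair keys that were already exposed.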
@@ -326,43 +930,43 @@ CVE-2026-12174 (A security vulnerability has been 
detected in D-Link DCS-935L 1.
 CVE-2025-55662
        - gpac <removed>
        [bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55660
+CVE-2025-55660 (A stack overflow in the gf_opus_read_length function 
(media_tools/av_p ...)
        - gpac <removed>
        [bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55663
+CVE-2025-55663 (A segmentation violation in the Track_SetStreamDescriptor 
function (is ...)
        - gpac <removed>
        [bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55661
+CVE-2025-55661 (A heap buffer overflow in the Opus audio stream parser 
component of GP ...)
        - gpac <removed>
        [bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55650
+CVE-2025-55650 (A heap use-after-free in the gf_node_get_tag function 
(scenegraph/base ...)
        - gpac <removed>
        [bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55649
+CVE-2025-55649 (A NULL pointer dereference in the gf_media_map_esd function 
(media_too ...)
        - gpac <removed>
        [bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55648
+CVE-2025-55648 (A heap buffer overflow in the gf_opus_parse_packet_header 
function (me ...)
        - gpac <removed>
        [bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55641
+CVE-2025-55641 (A NULL pointer dereference in the gf_isom_copy_sample_info 
function (i ...)
        - gpac <removed>
        [bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55642
+CVE-2025-55642 (GPAC MP4Box v2.4 was discovered to contain a floating point 
exception  ...)
        - gpac <removed>
        [bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55647
+CVE-2025-55647 (An Out-of-Memory in the mp4_mux_cenc_insert_pssh function 
(filters/mux ...)
        - gpac <removed>
        [bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55645
+CVE-2025-55645 (A heap buffer overflow in the gf_cenc_set_pssh function 
(isomedia/drm_ ...)
        - gpac <removed>
        [bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55643
+CVE-2025-55643 (A NULL pointer dereference in the TrackWriter handling 
component (filt ...)
        - gpac <removed>
        [bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55644
+CVE-2025-55644 (A heap use-after-free in the gf_node_get_tag function 
(scenegraph/base ...)
        - gpac <removed>
        [bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55652
+CVE-2025-55652 (A heap buffer overflow in the gf_isom_vp_config_new function 
(isomedia ...)
        - gpac <removed>
        [bullseye] - gpac <end-of-life> (out of LTS support)
 CVE-2026-XXXX [RUSTSEC-2026-0174]
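Review bot: CVE-2025-55650 and CVE-2025-55644 end up with the same visible description, `A heap use-after-free in the gf_node_get_tag function (scenegraph/base ...`, so the two entries cannot be told apart from this file. Check whether they are duplicates upstream or differ only past the truncation point, and add a NOTE with the distinguishing detail if they are separate issues.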
@@ -1959,7 +2563,7 @@ CVE-2026-20255 (In Splunk Enterprise versions below 
10.2.4, 10.0.7, 9.4.12, and
        NOT-FOR-US: Cisco
 CVE-2026-20254 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, 
and 9.3.13 ...)
        NOT-FOR-US: Cisco
-CVE-2026-20253 (In Splunk Enterprise versions below 10.2.4 and 10.0.7, and 
Splunk Clou ...)
+CVE-2026-20253 (In Splunk Enterprise 10.2 versions below 10.2.4 and 10 
versions below  ...)
        NOT-FOR-US: Cisco
 CVE-2026-20252 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, 
and 9.3.13 ...)
        NOT-FOR-US: Cisco
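Review bot: The `NOT-FOR-US: Cisco` line under CVE-2026-20253 does not match the product named in the description, Splunk Enterprise, and the same holds for the adjacent CVE-2026-20254 and CVE-2026-20252 entries. Suggest `NOT-FOR-US: Splunk` so that searching the file by product finds these entries.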
@@ -2369,6 +2973,7 @@ CVE-2025-59382 (QTS, QuTS hero, QuTScloud are not 
affected.  We have already fix
 CVE-2025-58468 (A cross-site request forgery (CSRF) vulnerability has been 
reported to ...)
        NOT-FOR-US: QNAP
 CVE-2026-11526 (GD versions before 2.86 for Perl allow OS command injection 
and file o ...)
+       {DSA-6345-1}
        - libgd-perl 2.84-3
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41004664/
        NOTE: Fixed by: 
https://github.com/lstein/Perl-GD/commit/67b163713c6c78dfeb693da0978ae934e5cd8210
 (v2.86)
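Review bot: For CVE-2026-11526 the recorded fixed version `libgd-perl 2.84-3` is lower than the upstream fix release named in both the description and the Fixed by note (2.86), which implies a backported patch. A short NOTE saying that 2.84-3 carries a backport of the referenced commit would stop this reading as a version mistake next to the new `{DSA-6345-1}` tag.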
@@ -31441,7 +32046,7 @@ CVE-2026-5260 (A flaw was found in libgnutls. A remote 
attacker, by sending an e
        NOTE: Fixed by: 
https://gitlab.com/gnutls/gnutls/-/commit/77228f2d1ac207d2f894e5a168fbb47e5378e42f
 (3.8.13)
        NOTE: Fixed by: 
https://gitlab.com/gnutls/gnutls/-/commit/cf6bdc5e4df49e5583d3fb4d2296779785f10683
 (3.8.13)
        NOTE: Introduced with: 
https://gitlab.com/gnutls/gnutls/-/commit/4804febddc2ed958e5ae774de2a8f85edeeff538
 (gnutls_3_6_5)
-CVE-2026-42014
+CVE-2026-42014 (A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` 
function ...)
        {DSA-6281-1 DLA-4595-1}
        - gnutls28 3.8.13-1 (bug #1135319)
        NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-9
@@ -75151,7 +75756,7 @@ CVE-2026-24512 (A security issue was discovered in 
ingress-nginx where the `rule
        NOT-FOR-US: Kubernetes ingress-nginx
 CVE-2026-1580 (A security issue was discovered in ingress-nginxwhere the 
`nginx.ingre ...)
        NOT-FOR-US: Kubernetes ingress-nginx
-CVE-2026-1767 [Heap Buffer Overflow in GNOME localsearch MP3 Extractor]
+CVE-2026-1767 (A flaw was found in the GNOME localsearch (previously known as 
tracker ...)
        - localsearch 3.8.2-12 (bug #1126910)
        - tracker-miners <removed>
        [trixie] - tracker-miners <no-dsa> (Minor issue)
@@ -75159,7 +75764,7 @@ CVE-2026-1767 [Heap Buffer Overflow in GNOME 
localsearch MP3 Extractor]
        [bullseye] - tracker-miners <not-affected> (support for performer tags 
was added in v2.99.4)
        NOTE: https://gitlab.gnome.org/GNOME/localsearch/-/issues/429
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/localsearch/-/commit/2897ca48b7ae79db7dcfe7e66cdd5d75cb641466
-CVE-2026-1766 [Heap Buffer Overflow in GNOME localsearch MP3 Extractor 
(ID3v2.3 COMM Tags)]
+CVE-2026-1766 (A flaw was found in GNOME localsearch (previously known as 
tracker-min ...)
        - localsearch 3.8.2-12 (bug #1126910)
        - tracker-miners <removed>
        [trixie] - tracker-miners <no-dsa> (Minor issue)
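Review bot: Replacing the bracketed title on CVE-2026-1766 drops the qualifier `(ID3v2.3 COMM Tags)`, and the new truncated descriptions of CVE-2026-1767 and CVE-2026-1766 are now almost identical. The only remaining differentiator in the file is the upstream issue and commit NOTE of each entry, so consider keeping the affected tag type in a NOTE line.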
@@ -75167,7 +75772,7 @@ CVE-2026-1766 [Heap Buffer Overflow in GNOME 
localsearch MP3 Extractor (ID3v2.3
        [bullseye] - tracker-miners <postponed> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/localsearch/-/issues/428
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/localsearch/-/commit/9cc562cc126c408efb2a8220fcd67f006902412c
-CVE-2026-1765 [Heap Buffer Overflow in GNOME localsearch MP3 Extractor (TXXX 
Tags)]
+CVE-2026-1765 (A flaw was found in the `tracker-extract-mp3` component of 
GNOME local ...)
        - localsearch 3.8.2-12 (bug #1126910)
        - tracker-miners <removed>
        [trixie] - tracker-miners <no-dsa> (Minor issue)
@@ -75175,7 +75780,7 @@ CVE-2026-1765 [Heap Buffer Overflow in GNOME 
localsearch MP3 Extractor (TXXX Tag
        [bullseye] - tracker-miners <postponed> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/localsearch/-/issues/427
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/localsearch/-/commit/79f47309bad068ff0c19c1431abab6766edc687f
-CVE-2026-1764 [Heap Buffer Overflow in GNOME localsearch MP3 Extractor]
+CVE-2026-1764 (A flaw was found in GNOME localsearch (previously known as 
tracker-min ...)
        - localsearch 3.8.2-12 (bug #1126910)
        - tracker-miners <removed>
        [trixie] - tracker-miners <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10766888513e8788afa0f0076e702b1201b9f8db
