Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a3002921 by security tracker role at 2026-06-16T19:13:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,14 +1,298 @@
+CVE-2026-9507 (A session fixation vulnerability has been identified in 
osTicket v1.18 ...)
+       TODO: check
+CVE-2026-9307 (A sensitive information disclosure security issue exists within 
the af ...)
+       TODO: check
+CVE-2026-8484 (A heap buffer overflow vulnerability exists in the Jansi JNI 
"ioctl()" ...)
+       TODO: check
+CVE-2026-8444 (The WP Review Slider Pro plugin for WordPress is vulnerable to 
SQL Inj ...)
+       TODO: check
+CVE-2026-8442 (The WP Review Slider Pro plugin for WordPress is vulnerable to 
Arbitra ...)
+       TODO: check
+CVE-2026-8176 (The LatePoint \u2013 Calendar Booking Plugin for Appointments 
and Even ...)
+       TODO: check
+CVE-2026-5416 (Due to the improper neutralization of special elements used in 
a name  ...)
+       TODO: check
+CVE-2026-54198 (Unauthenticated Cross Site Scripting (XSS) in Media LIbrary 
Assistant  ...)
+       TODO: check
+CVE-2026-54197 (Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 
versions.)
+       TODO: check
+CVE-2026-54191 (Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 
versions.)
+       TODO: check
+CVE-2026-54190 (Unauthenticated Broken Access Control in Envira Photo Gallery 
<= 1.12. ...)
+       TODO: check
+CVE-2026-53900 (Firefox for iOS preserved cookies set on the initial PDF 
request acros ...)
+       TODO: check
+CVE-2026-53899 (Firefox for iOS used partial domain matching when attaching 
cookies to ...)
+       TODO: check
+CVE-2026-53866 (OpenClaw before 2026.5.12 contains an allowlist bypass 
vulnerability i ...)
+       TODO: check
+CVE-2026-53865 (OpenClaw before 2026.5.2 contains a path traversal 
vulnerability in ma ...)
+       TODO: check
+CVE-2026-53864 (OpenClaw before 2026.5.26 contains an insufficient 
sanitization vulner ...)
+       TODO: check
+CVE-2026-53863 (OpenClaw before 2026.4.25 contains an input validation 
vulnerability i ...)
+       TODO: check
+CVE-2026-53862 (OpenClaw before 2026.5.12 contains a bootstrap token replay 
vulnerabil ...)
+       TODO: check
+CVE-2026-53861 (OpenClaw before 2026.5.6 contains an allowlist bypass 
vulnerability in ...)
+       TODO: check
+CVE-2026-53860 (OpenClaw before 2026.5.7 contains a sender policy bypass 
vulnerability ...)
+       TODO: check
+CVE-2026-53859 (OpenClaw before 2026.5.26 contains a hostname validation 
vulnerability ...)
+       TODO: check
+CVE-2026-53858 (OpenClaw before 2026.5.2 contains an environment variable 
injection vu ...)
+       TODO: check
+CVE-2026-53857 (OpenClaw before 2026.5.3 contains a policy enforcement 
vulnerability w ...)
+       TODO: check
+CVE-2026-53856 (OpenClaw before 2026.4.24 contains an insecure file 
permissions vulner ...)
+       TODO: check
+CVE-2026-53855 (OpenClaw before 2026.4.2 contains an inline-eval bypass 
vulnerability  ...)
+       TODO: check
+CVE-2026-53854 (OpenClaw before 2026.4.25 contains a privilege escalation 
vulnerabilit ...)
+       TODO: check
+CVE-2026-53853 (OpenClaw before 2026.5.12 contains an argument pattern 
validation bypa ...)
+       TODO: check
+CVE-2026-53852 (OpenClaw before 2026.4.25 contains a scope containment bypass 
vulnerab ...)
+       TODO: check
+CVE-2026-53851 (OpenClaw before 2026.5.12 contains a notification bypass 
vulnerability ...)
+       TODO: check
+CVE-2026-53850 (OpenClaw before 2026.4.25 contains a control scope enforcement 
bypass  ...)
+       TODO: check
+CVE-2026-53849 (OpenClaw before 2026.5.7 contains a privilege escalation 
vulnerability ...)
+       TODO: check
+CVE-2026-53848 (OpenClaw before 2026.5.26 contains an exec allowlist bypass 
vulnerabil ...)
+       TODO: check
+CVE-2026-53847 (OpenClaw before 2026.5.6 contains a privilege escalation 
vulnerability ...)
+       TODO: check
+CVE-2026-53846 (OpenClaw before 2026.4.29 contains a path traversal 
vulnerability in t ...)
+       TODO: check
+CVE-2026-53845 (OpenClaw before 2026.5.6 contains a hook bypass vulnerability 
where sk ...)
+       TODO: check
+CVE-2026-53844 (OpenClaw before 2026.4.29 contains a session visibility check 
bypass v ...)
+       TODO: check
+CVE-2026-53843 (OpenClaw before 2026.5.26 contains an authorization bypass 
vulnerabili ...)
+       TODO: check
+CVE-2026-53842 (OpenClaw before 2026.5.2 contains an environment variable 
injection vu ...)
+       TODO: check
+CVE-2026-53841 (OpenClaw before 2026.5.12 contains a cross-site scripting 
vulnerabilit ...)
+       TODO: check
+CVE-2026-53840 (OpenClaw before 2026.5.12 contains an information disclosure 
vulnerabi ...)
+       TODO: check
+CVE-2026-53776 (Perry before 0.5.1166 contains a JWT validation vulnerability 
that all ...)
+       TODO: check
+CVE-2026-52715 (Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 
versions.)
+       TODO: check
+CVE-2026-52714 (Unauthenticated Broken Access Control in SEO Plugin by 
Squirrly SEO <= ...)
+       TODO: check
+CVE-2026-52712 (Subscriber SQL Injection in Attendance Manager <= 0.6.2 
versions.)
+       TODO: check
+CVE-2026-52711 (Unauthenticated Broken Access Control in WooCommerce POS <= 
1.8.14 ver ...)
+       TODO: check
+CVE-2026-50656 (Microsoft is aware of an elevation of privilege in the 
Microsoft Malwa ...)
+       TODO: check
+CVE-2026-49774 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
+CVE-2026-49772 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2026-48780 (Forem is open source software for building communities. Prior 
to commi ...)
+       TODO: check
+CVE-2026-48775 (LangGraph SQLite Checkpoint is an implementation of LangGraph 
Checkpoi ...)
+       TODO: check
+CVE-2026-47964 (DNG SDK versions 1.7.1 2536 and earlier are affected by a 
Heap-based B ...)
+       TODO: check
+CVE-2026-47963 (DNG SDK versions 1.7.1 2536 and earlier are affected by an 
out-of-boun ...)
+       TODO: check
+CVE-2026-47934 (DNG SDK versions 1.7.1 2536 and earlier are affected by an 
out-of-boun ...)
+       TODO: check
+CVE-2026-47927 (DNG SDK versions 1.7.1 2536 and earlier are affected by an 
out-of-boun ...)
+       TODO: check
+CVE-2026-47749 (stable-diffusion.cpp is a pure C/C++ library for running 
diffusion mod ...)
+       TODO: check
+CVE-2026-47748 (stable-diffusion.cpp is a pure C/C++ library for running 
diffusion mod ...)
+       TODO: check
+CVE-2026-47684 (Sync-in Server is a secure, open-source platform for file 
storage, sha ...)
+       TODO: check
+CVE-2026-44932 (Passing of unsanitized strings from DHCP replies into the 
wicked dhcp  ...)
+       TODO: check
+CVE-2026-42089 (Yeoman Environment provides an API to discover, create, and 
run genera ...)
+       TODO: check
+CVE-2026-40809 (Missing Authorization vulnerability in Rara Themes Metro 
Magazine allo ...)
+       TODO: check
+CVE-2026-40750 (Unrestricted Upload of File with Dangerous Type vulnerability 
in thema ...)
+       TODO: check
+CVE-2026-39927
+       REJECTED
+CVE-2026-39926
+       REJECTED
+CVE-2026-39581 (Subscriber SQL Injection in WP Sessions Time Monitoring Full 
Automatic ...)
+       TODO: check
+CVE-2026-39574 (Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 
versions.)
+       TODO: check
+CVE-2026-39490 (Unauthenticated Broken Access Control in JupiterX Core <= 
4.14.1 versi ...)
+       TODO: check
+CVE-2026-39437 (Unauthenticated Cross Site Scripting (XSS) in Min Max Step 
Quantity Li ...)
+       TODO: check
+CVE-2026-2381 (The WooCommerce Stripe Payment Gateway plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2026-24228 (NVIDIA NeMo Framework for Linux contains a vulnerability where 
an atta ...)
+       TODO: check
+CVE-2026-24155 (NVIDIA NeMo Framework for all platforms contains a code 
injection vuln ...)
+       TODO: check
+CVE-2026-12412
+       REJECTED
+CVE-2026-12398 (A command injection vulnerability was found in galaxy_ng. The 
do_git_c ...)
+       TODO: check
+CVE-2026-12330 (Incorrect boundary conditions in the Internationalization 
component. T ...)
+       TODO: check
+CVE-2026-12329 (Memory safety bug fixed in Thunderbird ESR 140.12. This 
vulnerability  ...)
+       TODO: check
+CVE-2026-12328 (Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 
140.11,  ...)
+       TODO: check
+CVE-2026-12327 (Memory safety bugs present in Firefox ESR 140.11, Thunderbird 
ESR 140. ...)
+       TODO: check
+CVE-2026-12326 (Memory safety bugs present in Firefox 151 and Thunderbird 151. 
Some of ...)
+       TODO: check
+CVE-2026-12325 (Denial-of-service in the Graphics: ImageLib component. This 
vulnerabil ...)
+       TODO: check
+CVE-2026-12324 (Incorrect boundary conditions in the Graphics: CanvasWebGL 
component.  ...)
+       TODO: check
+CVE-2026-12323 (Spoofing issue in the DOM: Core & HTML component. This 
vulnerability w ...)
+       TODO: check
+CVE-2026-12322 (Clickjacking issue in the Widget: Gtk component. This 
vulnerability wa ...)
+       TODO: check
+CVE-2026-12321 (JIT miscompilation in the JavaScript: WebAssembly component. 
This vuln ...)
+       TODO: check
+CVE-2026-12320 (Information disclosure in the Password Manager component. This 
vulnera ...)
+       TODO: check
+CVE-2026-12319 (Denial-of-service in the Audio/Video: Playback component. This 
vulnera ...)
+       TODO: check
+CVE-2026-12318 (Incorrect boundary conditions in the Libraries component in 
NSS. This  ...)
+       TODO: check
+CVE-2026-12317 (Memory safety bug fixed in Thunderbird 152. This vulnerability 
was fix ...)
+       TODO: check
+CVE-2026-12316 (Mitigation bypass in the DOM: Security component. This 
vulnerability w ...)
+       TODO: check
+CVE-2026-12315 (Mitigation bypass in the DOM: Security component. This 
vulnerability w ...)
+       TODO: check
+CVE-2026-12314 (Memory safety bug fixed in Thunderbird 152. This vulnerability 
was fix ...)
+       TODO: check
+CVE-2026-12313 (Information disclosure, sandbox escape in the Security: 
Process Sandbo ...)
+       TODO: check
+CVE-2026-12312 (Memory safety bug fixed in Thunderbird 152. This vulnerability 
was fix ...)
+       TODO: check
+CVE-2026-12311 (Information disclosure, sandbox escape in the Security: 
Process Sandbo ...)
+       TODO: check
+CVE-2026-12310 (Memory safety bug fixed in Thunderbird 152. This vulnerability 
was fix ...)
+       TODO: check
+CVE-2026-12309 (Memory safety bug fixed in Thunderbird 152. This vulnerability 
was fix ...)
+       TODO: check
+CVE-2026-12308 (Memory safety bug fixed in Thunderbird 152. This vulnerability 
was fix ...)
+       TODO: check
+CVE-2026-12307 (Memory safety bug fixed in Thunderbird 152. This vulnerability 
was fix ...)
+       TODO: check
+CVE-2026-12306 (Memory safety bug fixed in Thunderbird 152. This vulnerability 
was fix ...)
+       TODO: check
+CVE-2026-12305 (Memory safety bug fixed in Thunderbird 152. This vulnerability 
was fix ...)
+       TODO: check
+CVE-2026-12304 (Same-origin policy bypass in the Networking: Cookies 
component. This v ...)
+       TODO: check
+CVE-2026-12303 (Information disclosure due to incorrect boundary conditions in 
the Gra ...)
+       TODO: check
+CVE-2026-12302 (Mitigation bypass in the DOM: Security component. This 
vulnerability w ...)
+       TODO: check
+CVE-2026-12301 (Memory safety bug fixed in Thunderbird 152. This vulnerability 
was fix ...)
+       TODO: check
+CVE-2026-12300 (Memory safety bug fixed in Thunderbird 152. This vulnerability 
was fix ...)
+       TODO: check
+CVE-2026-12299 (JIT miscompilation in the DOM: Core & HTML component. This 
vulnerabili ...)
+       TODO: check
+CVE-2026-12298 (Memory safety bug fixed in Thunderbird 152. This vulnerability 
was fix ...)
+       TODO: check
+CVE-2026-12297 (Sandbox escape due to incorrect boundary conditions in the 
Networking  ...)
+       TODO: check
+CVE-2026-12296 (Sandbox escape in the Security: Process Sandboxing component. 
This vul ...)
+       TODO: check
+CVE-2026-12295 (Sandbox escape in the DOM: Navigation component. This 
vulnerability wa ...)
+       TODO: check
+CVE-2026-12294 (Sandbox escape in the DOM: Workers component. This 
vulnerability was f ...)
+       TODO: check
+CVE-2026-12293 (Use-after-free in the Graphics: WebGPU component. This 
vulnerability w ...)
+       TODO: check
+CVE-2026-12292 (Incorrect boundary conditions in the Web Audio component. This 
vulnera ...)
+       TODO: check
+CVE-2026-12291 (Use-after-free in the Networking: HTTP component. This 
vulnerability w ...)
+       TODO: check
+CVE-2026-12290 (Memory safety bug fixed in Thunderbird 152. This vulnerability 
was fix ...)
+       TODO: check
+CVE-2026-12289 (Privilege escalation in the Graphics: WebRender component. 
This vulner ...)
+       TODO: check
+CVE-2026-12225 (syracom AG Secure Login (2FA) for Atlassian Jira, Confluence, 
and Bitb ...)
+       TODO: check
+CVE-2026-12003 (To allow builds of Python to be run from an in-tree layout 
(rather tha ...)
+       TODO: check
+CVE-2026-11317 (A denial of service security issue exists in the affected 
product. The ...)
+       TODO: check
+CVE-2026-10831 (A denial-of-service vulnerability exists in NPort devices 
because of i ...)
+       TODO: check
+CVE-2026-10829 (A stack-based buffer overflow vulnerability has been found in 
the NPor ...)
+       TODO: check
+CVE-2026-10828 (A format string vulnerability has been found in the "alias" 
parameter  ...)
+       TODO: check
+CVE-2026-10825 (A denial-of-service vulnerability exists in the WebSocket API 
due to i ...)
+       TODO: check
+CVE-2026-10748 (An authenticated user with the nx-licensing-create privilege 
can uploa ...)
+       TODO: check
+CVE-2026-10640 (Zephyr's IPv6 Neighbor Discovery send paths (net_ipv6_send_na, 
net_ipv ...)
+       TODO: check
+CVE-2026-10639 (In Zephyr's native IPv4 stack, icmpv4_handle_echo_request() in 
subsys/ ...)
+       TODO: check
+CVE-2026-10638 (subsys/net/ip/icmpv6.c reads the network interface from a 
net_pkt afte ...)
+       TODO: check
+CVE-2026-10637 (subsys/net/ip/ipv6_mld.c:mld_send() read the packet interface 
via net_ ...)
+       TODO: check
+CVE-2026-10636 (In Zephyr's IPv4 IGMP implementation, igmp_send() in 
subsys/net/ip/igm ...)
+       TODO: check
+CVE-2026-10093 (The File Sharing & Download Manager \u2013 User Private Files 
plugin f ...)
+       TODO: check
+CVE-2026-0647 (An improper authentication security issue exists within the 
1794-AENTR ...)
+       TODO: check
+CVE-2026-0646 (A denial-of-service security issue exists within the 1794-AENTR 
adapte ...)
+       TODO: check
+CVE-2025-9912 (Nokia SR Linux is vulnerable to a local privilege escalation 
vulnerabi ...)
+       TODO: check
+CVE-2025-71261 (An attacker with network-level access between the SUSE 
Virtualization  ...)
+       TODO: check
+CVE-2025-68045 (Unauthenticated Broken Access Control in WP Event SOlution <= 
4.1.12 v ...)
+       TODO: check
+CVE-2025-14272 (A security issue wasidentifiedin Pavilion due to 
improperauthorization ...)
+       TODO: check
+CVE-2025-13036 (An authentication bypass security issue exists within 
FactoryTalk Hist ...)
+       TODO: check
+CVE-2025-11694 (A security issue exists within1769 CompactLogix controllersdue 
to them ...)
+       TODO: check
+CVE-2024-39575 (update_disk_psu_baseline.sh requires password in plain text)
+       TODO: check
+CVE-2024-38487 (api-gateway container running with root privilege would allow 
an attac ...)
+       TODO: check
+CVE-2024-30476 (PowerStore contains a Stored Cross-Site Scripting 
Vulnerability in the ...)
+       TODO: check
+CVE-2024-24909 (Dell OpenManage Integration with Microsoft Windows Admin 
Center contai ...)
+       TODO: check
+CVE-2024-22451 (Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain 
an unco ...)
+       TODO: check
+CVE-2024-22447 (Dell Peripheral Manager, versions prior to 1.7.3, contain an 
uncontrol ...)
+       TODO: check
 CVE-2026-46448
        - nova <unfixed> (bug #1140149)
        NOTE: https://www.openwall.com/lists/oss-security/2026/06/16/5
        NOTE: https://launchpad.net/bugs/2151252
-CVE-2026-10649
+CVE-2026-10649 (A flaw was found in Pacemaker. An unauthenticated remote 
attacker can  ...)
        - pacemaker <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2026/06/16/6
        NOTE: https://github.com/clusterLabs/pacemaker/pull/4128
 CVE-2026-50203
        NOT-FOR-US: Airflow provider
-CVE-2026-46331 [net/sched: fix pedit partial COW leading to page cache 
corruption]
+CVE-2026-46331 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/899ee91156e57784090c5565e4f31bd7dbffbc5a (7.1-rc7)
 CVE-2026-39043
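Review bot: the OpenClaw block in this hunk, CVE-2026-53840 through CVE-2026-53866, is left at `TODO: check` although this same file already classifies that product (CVE-2026-26972 carries `NOT-FOR-US: OpenClaw`); these entries can be triaged in bulk with the same tag instead of one by one. Separately, for CVE-2026-46331 the automatic description replaces the bracketed summary `[net/sched: fix pedit partial COW leading to page cache corruption]` with truncated generic text beginning `In the Linux kernel, the following vulnerability has been resolved:`, so the entry no longer names the affected subsystem and the git.kernel.org NOTE becomes the only pointer to what was fixed.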
@@ -26282,6 +26566,7 @@ CVE-2026-42241 (ParquetSharp is a .NET library for 
reading and writing Apache Pa
 CVE-2026-42239 (Budibase is an open-source low-code platform. Prior to version 
3.35.10 ...)
        NOT-FOR-US: Budibase
 CVE-2026-42225 (PJSIP is a free and open source multimedia communication 
library writt ...)
+       {DLA-4631-1}
        - pjproject <removed>
        - asterisk <unfixed> (bug #1136007)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-x2fv-6j6c-pxmx
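Review bot: under CVE-2026-42225 the added `{DLA-4631-1}` sits above package lines that still read `- pjproject <removed>` and `- asterisk <unfixed>`, so from this hunk alone it is not clear which source package the advisory fixed or in which suite. Confirm that the DLA record names the package and the fixed version; the same tag is attached to the other PJSIP entries in this commit, so one check covers all of them.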
@@ -34046,6 +34331,7 @@ CVE-2026-41416 (PJSIP is a free and open source 
multimedia communication library
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-f33g-8hjq-62xr
        NOTE: 
https://github.com/pjsip/pjproject/commit/66fe416c96e957417621b7be16e9e587d159f9bb
 (2.17)
 CVE-2026-41415 (PJSIP is a free and open source multimedia communication 
library writt ...)
+       {DLA-4631-1}
        - pjproject <removed>
        - asterisk <unfixed> (bug #1134884)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-935m-fmf5-j4pm
@@ -36735,7 +37021,7 @@ CVE-2026-41651 (PackageKit is a a D-Bus abstraction 
layer that allows the user t
        NOTE: 
https://github.com/PackageKit/PackageKit/security/advisories/GHSA-f55j-vvr9-69xv
        NOTE: 
https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html
        NOTE: Fixed by: 
https://github.com/PackageKit/PackageKit/commit/76cfb675fb31acc3ad5595d4380bfff56d2a8697
 (v1.3.5)
-CVE-2026-4367
+CVE-2026-4367 (A flaw was found in libXpm. A local user with low privileges 
could exp ...)
        - libxpm 1:3.5.19-1 (bug #1134690)
        [trixie] - libxpm <no-dsa> (Minor issue)
        [bookworm] - libxpm <no-dsa> (Minor issue)
@@ -37382,6 +37668,7 @@ CVE-2026-40866 (Horilla is a free and open source Human 
Resource Management Syst
 CVE-2026-40865 (Horilla is a free and open source Human Resource Management 
System (HR ...)
        NOT-FOR-US: Horilla
 CVE-2026-40614 (PJSIP is a free and open source multimedia communication 
library writt ...)
+       {DLA-4631-1}
        - pjproject <removed>
        - asterisk <unfixed> (bug #1134884)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-j59p-4xrr-fp8g
@@ -48301,6 +48588,7 @@ CVE-2026-34240 (JOSE is a Javascript Object Signing and 
Encryption (JOSE) librar
 CVE-2026-34237 (MCP Java SDK is the official Java SDK for Model Context 
Protocol serve ...)
        NOT-FOR-US: MCP Java SDK
 CVE-2026-34235 (PJSIP is a free and open source multimedia communication 
library writt ...)
+       {DLA-4631-1}
        - pjproject <removed>
        - asterisk <unfixed> (bug #1134884)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-pqrm-53pc-wx28
@@ -54938,6 +55226,7 @@ CVE-2026-33071 (FileRise is a self-hosted web file 
manager / WebDAV server. In v
 CVE-2026-33070 (FileRise is a self-hosted web file manager / WebDAV server. In 
version ...)
        NOT-FOR-US: FileRise
 CVE-2026-33069 (PJSIP is a free and open source multimedia communication 
library writt ...)
+       {DLA-4631-1}
        - pjproject <removed>
        - asterisk <unfixed> (bug #1134884)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-x5pq-qrp4-fmrj
@@ -55280,11 +55569,13 @@ CVE-2026-32947 (Harden-Runner is a CI/CD security 
agent that works like an EDR f
 CVE-2026-32946 (Harden-Runner is a CI/CD security agent that works like an EDR 
for Git ...)
        NOT-FOR-US: Harden-Runner
 CVE-2026-32945 (PJSIP is a free and open source multimedia communication 
library writt ...)
+       {DLA-4631-1}
        - pjproject <removed>
        - asterisk <unfixed> (bug #1134884)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-jr2p-p2w4-rr9q
        NOTE: 
https://github.com/pjsip/pjproject/commit/5311aee398ae9d623829a6bad7b679a193c9e199
 CVE-2026-32942 (PJSIP is a free and open source multimedia communication 
library writt ...)
+       {DLA-4631-1}
        - pjproject <removed>
        - asterisk <unfixed> (bug #1134884)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-g88q-c2hm-q7p7
@@ -61716,6 +62007,7 @@ CVE-2026-29074 (SVGO, short for SVG Optimizer, is a 
Node.js library and command-
 CVE-2026-29073 (SiYuan is a personal knowledge management system. Prior to 
version 3.6 ...)
        NOT-FOR-US: SiYuan
 CVE-2026-29068 (PJSIP is a free and open source multimedia communication 
library writt ...)
+       {DLA-4631-1}
        - pjproject <removed>
        - asterisk <unfixed> (bug #1134884)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-pqww-jrxr-457f
@@ -61771,6 +62063,7 @@ CVE-2026-28801 (Natro Macro is an open-source Bee Swarm 
Simulator macro written
 CVE-2026-28800 (Natro Macro is an open-source Bee Swarm Simulator macro 
written in Aut ...)
        NOT-FOR-US: Natro Macro
 CVE-2026-28799 (PJSIP is a free and open source multimedia communication 
library writt ...)
+       {DLA-4631-1}
        - pjproject <removed>
        - asterisk <unfixed> (bug #1134884)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-8fj4-fv9f-hjpc
@@ -68069,6 +68362,7 @@ CVE-2026-26974 (Slyde is a program that creates 
animated presentations from XML.
 CVE-2026-26972 (OpenClaw is a personal AI assistant. In versions 2026.1.12 
through 202 ...)
        NOT-FOR-US: OpenClaw
 CVE-2026-26967 (PJSIP is a free and open source multimedia communication 
library writt ...)
+       {DLA-4631-1}
        - pjproject <removed>
        - asterisk <unfixed> (bug #1134884)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-x2hc-6969-g8v6
@@ -68315,6 +68609,7 @@ CVE-2026-26223 (SPIP before 4.4.8 allows cross-site 
scripting (XSS) in the priva
 CVE-2026-26205 (opa-envoy-plugun is a plugin to enforce OPA policies with 
Envoy. Versi ...)
        NOT-FOR-US: opa-envoy-plugun
 CVE-2026-26203 (PJSIP is a free and open source multimedia communication 
library. Vers ...)
+       {DLA-4631-1}
        - pjproject <removed>
        - asterisk <unfixed> (bug #1134884)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-p965-mf7j-gwv8
@@ -71452,6 +71747,7 @@ CVE-2026-26010 (OpenMetadata is a unified metadata 
platform. Prior to 1.11.8, ca
 CVE-2026-25999 (Klaw is a self-service Apache Kafka Topic 
Management/Governance tool/p ...)
        NOT-FOR-US: Klaw
 CVE-2026-25994 (PJSIP is a free and open source multimedia communication 
library writt ...)
+       {DLA-4631-1}
        - pjproject <removed>
        - asterisk <unfixed> (bug #1134884)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-j29p-pvh2-pvqp
@@ -105345,6 +105641,7 @@ CVE-2025-65107 (Langfuse is an open source large 
language model engineering plat
 CVE-2025-65106 (LangChain is a framework for building agents and LLM-powered 
applicati ...)
        NOT-FOR-US: LangChain
 CVE-2025-65102 (PJSIP is a free and open source multimedia communication 
library. Prio ...)
+       {DLA-4631-1}
        - pjproject <removed>
        - asterisk <unfixed> (bug #1135620)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-w5vr-39x7-h8g5



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3002921a84d3c22f6ab93cd5252f6b42ba9729d
