Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d9add248 by security tracker role at 2026-06-17T19:12:54+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,595 @@
+CVE-2026-9697 (Impact: undici's ProxyAgent silently drops the requestTls 
option when  ...)
+       TODO: check
+CVE-2026-9690 (Unauthenticated Arbitrary File Download in WP Media folder 
Addon <= 4. ...)
+       TODO: check
+CVE-2026-9679 (Impact: undici's cookie parser in parseSetCookie 
percent-decodes cooki ...)
+       TODO: check
+CVE-2026-9678 (Impact: Undici's cache interceptor incorrectly classifies some 
respons ...)
+       TODO: check
+CVE-2026-9675 (Impact: The undici WebSocket client enforces maxPayloadSize 
per-frame  ...)
+       TODO: check
+CVE-2026-9591 (Cross-site request forgery (CSRF) in NewsItemApiController in 
SimplCom ...)
+       TODO: check
+CVE-2026-9570 (The Taskbuilder  WordPress plugin before 5.0.8 does not 
properly sanit ...)
+       TODO: check
+CVE-2026-8607 (The Points Management System For Gamification, Ranks, Badges, 
and Loya ...)
+       TODO: check
+CVE-2026-8494 (The Permalink Manager Lite plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2026-8383 (The LearnPress  WordPress plugin before 4.3.7 does not gate the 
`edit` ...)
+       TODO: check
+CVE-2026-8089 (The weMail: Email Marketing, Email Automation, Newsletters, 
Subscriber ...)
+       TODO: check
+CVE-2026-7850 (The WP Magnific Popup WordPress plugin through 1.0 does not 
properly e ...)
+       TODO: check
+CVE-2026-7300 (Buffer Copy without Checking Size of Input ('Classic Buffer 
Overflow') ...)
+       TODO: check
+CVE-2026-6734 (Impact: When using Socks5ProxyAgent, undici reuses a single 
connection ...)
+       TODO: check
+CVE-2026-6733 (Impact: Undici's HTTP/1.1 client is vulnerable to response 
queue poiso ...)
+       TODO: check
+CVE-2026-5667 (Use of Hard-coded Credentials vulnerability in Mitsubishi 
Electric Roo ...)
+       TODO: check
+CVE-2026-55743 (The shell tool command allowlist in the SecurityPolicy of 
OpenHuman de ...)
+       TODO: check
+CVE-2026-55738 (A stack-based buffer overflow exists in the raw_to_header() 
function i ...)
+       TODO: check
+CVE-2026-55198 (Hermes WebUI before 0.51.443 contains an authorization bypass 
vulnerab ...)
+       TODO: check
+CVE-2026-55197 (Hermes WebUI before 0.51.443 contains a broken access control 
vulnerab ...)
+       TODO: check
+CVE-2026-55196 (Hermes WebUI before 0.51.409 contains an authentication bypass 
vulnera ...)
+       TODO: check
+CVE-2026-54819 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2026-54818 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2026-54817 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
+       TODO: check
+CVE-2026-54816 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
+CVE-2026-54815 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2026-54814 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2026-54813 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2026-54812 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2026-54811 (Unauthenticated SQL Injection in WP eMember < v10.9.4 
versions.)
+       TODO: check
+CVE-2026-54810 (Missing Authorization vulnerability in Nexi Payments Nexi XPay 
allows  ...)
+       TODO: check
+CVE-2026-54809 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2026-54808 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2026-54807 (Unauthenticated Privilege Escalation in Registration Form for 
WooComme ...)
+       TODO: check
+CVE-2026-54806 (Unauthenticated PHP Object Injection in WP Activity Log <= 
5.6.3.1 ver ...)
+       TODO: check
+CVE-2026-54805 (Subscriber Privilege Escalation in Falang multilanguage <= 
1.4.2 versi ...)
+       TODO: check
+CVE-2026-54804 (Subscriber Broken Authentication in Melhor Envio <= 2.16.3 
versions.)
+       TODO: check
+CVE-2026-54803 (Subscriber Privilege Escalation in SMS Alert Order 
Notifications <= 3. ...)
+       TODO: check
+CVE-2026-54802 (Unauthenticated Broken Authentication in SMS Alert Order 
Notifications ...)
+       TODO: check
+CVE-2026-54417 (An integer overflow in the mtar_next() function in 
src/microtar.c in r ...)
+       TODO: check
+CVE-2026-54415 (Missing Authorization in the server management routes 
(routes/admin.ph ...)
+       TODO: check
+CVE-2026-54196 (Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 
versions.)
+       TODO: check
+CVE-2026-54195 (Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder 
<= 3.6.0. ...)
+       TODO: check
+CVE-2026-54193 (Contributor Arbitrary File Deletion in Fusion Builder <= 
3.15.4 versio ...)
+       TODO: check
+CVE-2026-54192 (Unauthenticated Cross Site Scripting (XSS) in Popup box <= 
6.2.9 versi ...)
+       TODO: check
+CVE-2026-54189 (Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 
3.8.10 vers ...)
+       TODO: check
+CVE-2026-54188 (Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 
3.8.10 vers ...)
+       TODO: check
+CVE-2026-54187 (Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 
versions.)
+       TODO: check
+CVE-2026-54186 (Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.)
+       TODO: check
+CVE-2026-54185 (Subscriber SQL Injection in Cornerstone < 7.8.8 versions.)
+       TODO: check
+CVE-2026-54184 (Unauthenticated Insecure Direct Object References (IDOR) in 
Clean Logi ...)
+       TODO: check
+CVE-2026-53875 (picklescan before 1.0.3 contains a scanning bypass 
vulnerability in th ...)
+       TODO: check
+CVE-2026-53874 (picklescan before 1.0.1 contains an unsafe deserialization 
vulnerabili ...)
+       TODO: check
+CVE-2026-53873 (picklescan before 1.0.4 contains an incomplete blocklist for 
the profi ...)
+       TODO: check
+CVE-2026-53872 (picklescan before 0.0.35 contains an unsafe pickle 
deserialization vul ...)
+       TODO: check
+CVE-2026-53871 (Hermes WebUI before 0.51.368 contains an authorization bypass 
vulnerab ...)
+       TODO: check
+CVE-2026-53870 (Hermes Agent before 0.16.0 creates response_store.db and 
webhook_subsc ...)
+       TODO: check
+CVE-2026-53869 (Hermes Agent before 0.16.0 contains a DNS rebinding 
vulnerability in W ...)
+       TODO: check
+CVE-2026-53805 (NVIDIA Spatial Intelligence Lab's (SIL) GEN3C contains an 
unauthentica ...)
+       TODO: check
+CVE-2026-52716 (Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 
1.7.11 ve ...)
+       TODO: check
+CVE-2026-52707 (Unauthenticated Local File Inclusion in Kastell <= 2.0 
versions.)
+       TODO: check
+CVE-2026-52706 (Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 
versions.)
+       TODO: check
+CVE-2026-52705 (Unauthenticated Arbitrary File Upload in SigmaForms Pro \u2013 
AI Gene ...)
+       TODO: check
+CVE-2026-52698 (Subscriber Sensitive Data Exposure in PushEngage \u2013 Web 
Push Notif ...)
+       TODO: check
+CVE-2026-52696 (Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 
versions.)
+       TODO: check
+CVE-2026-49778 (Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 
2.9.4 v ...)
+       TODO: check
+CVE-2026-49767 (Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 
version ...)
+       TODO: check
+CVE-2026-49502 (Dell PowerFlex Manager, version(s) [Versions], contain(s) an 
Improper  ...)
+       TODO: check
+CVE-2026-49268 (A remote attacker can inject LDAP special characters into the 
Distingu ...)
+       TODO: check
+CVE-2026-49108 (Unauthenticated PHP Object Injection in Moderno < 1.43 
versions.)
+       TODO: check
+CVE-2026-49107 (Unauthenticated PHP Object Injection in Thrive Apprentice < 
10.8.10.2  ...)
+       TODO: check
+CVE-2026-49084 (Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.)
+       TODO: check
+CVE-2026-49081 (Unauthenticated Broken Access Control in User Registration 
Stripe <= 1 ...)
+       TODO: check
+CVE-2026-49079 (Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions.)
+       TODO: check
+CVE-2026-49076 (Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 
versions.)
+       TODO: check
+CVE-2026-49075 (Contributor PHP Object Injection in JetEngine <= 3.8.9.1 
versions.)
+       TODO: check
+CVE-2026-49074 (Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 
3.8.9.1 ver ...)
+       TODO: check
+CVE-2026-49072 (Unauthenticated Broken Access Control in WooCommerce 
Anti-Fraud <= 7.2 ...)
+       TODO: check
+CVE-2026-49071 (Unauthenticated Broken Authentication in WooCommerce 
Dropshipping <= 5 ...)
+       TODO: check
+CVE-2026-49058 (Unauthenticated Privilege Escalation in LoginPress Pro <= 
6.2.2 versio ...)
+       TODO: check
+CVE-2026-48967 (Subscriber SQL Injection in  Geo Mashup <= 1.13.19 versions.)
+       TODO: check
+CVE-2026-48875 (Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 
versions.)
+       TODO: check
+CVE-2026-48818 (Starlette is a lightweight ASGI framework/toolkit. In versions 
1.0.1 a ...)
+       TODO: check
+CVE-2026-48591 (Improper Neutralization of Script in Attributes in a Web Page 
vulnerab ...)
+       TODO: check
+CVE-2026-48142 (NGINX Plus and NGINX Open Source have a vulnerability in the 
ngx_http_ ...)
+       TODO: check
+CVE-2026-48117 (DroneAware is a drone detection platform. The centralized 
DroneAware s ...)
+       TODO: check
+CVE-2026-47340 (Allow authenticated users to access alert instances associated 
with al ...)
+       TODO: check
+CVE-2026-47103 (Python StateMachine versions 3.0.0 before 3.2.0 contains a 
remote code ...)
+       TODO: check
+CVE-2026-45436 (Subscriber Broken Access Control in WPBakery Page Builder <= 
8.7.2 ver ...)
+       TODO: check
+CVE-2026-42629 (Unauthenticated Broken Authentication in PowerPack Pro for 
Elementor < ...)
+       TODO: check
+CVE-2026-42530 (NGINX Open Source has a vulnerability in the 
ngx_http_v3_modulemodule. ...)
+       TODO: check
+CVE-2026-42385 (Unauthenticated Cross Site Scripting (XSS) in Profile Builder 
Pro <= 3 ...)
+       TODO: check
+CVE-2026-42380 (Unauthenticated PHP Object Injection in AI Lab < 5.4.2 
versions.)
+       TODO: check
+CVE-2026-42357 (Incorrect Authorization vulnerability allows users to access 
workflow  ...)
+       TODO: check
+CVE-2026-42055 (NGINX Plus and NGINX Open Source have a vulnerability in the 
ngx_http_ ...)
+       TODO: check
+CVE-2026-41557 (Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 
versions.)
+       TODO: check
+CVE-2026-41280 (Incorrect Authorization vulnerability allows users with system 
login p ...)
+       TODO: check
+CVE-2026-40783 (Contributor Remote Code Execution (RCE) in Blocksy Companion 
Pro <= 2. ...)
+       TODO: check
+CVE-2026-40768 (Unauthenticated Insecure Direct Object References (IDOR) in 
Salon book ...)
+       TODO: check
+CVE-2026-40765 (Unauthenticated Cross Site Scripting (XSS) in collectchat <= 
2.4.9 ver ...)
+       TODO: check
+CVE-2026-40757 (Unauthenticated PHP Object Injection in Ch\xe2teau <= 1.2.1 
versions.)
+       TODO: check
+CVE-2026-40756 (Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.)
+       TODO: check
+CVE-2026-40753 (Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 
versions.)
+       TODO: check
+CVE-2026-40752 (Unauthenticated PHP Object Injection in Manufaktur Solutions 
<= 1.1.1  ...)
+       TODO: check
+CVE-2026-40749 (Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 
versions.)
+       TODO: check
+CVE-2026-40748 (Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 
versions.)
+       TODO: check
+CVE-2026-40747 (Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 
versions.)
+       TODO: check
+CVE-2026-40746 (Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 
versions.)
+       TODO: check
+CVE-2026-40738 (Unauthenticated PHP Object Injection in Eldon <= 1.4.1 
versions.)
+       TODO: check
+CVE-2026-40735 (Unauthenticated PHP Object Injection in Reina <= 2.1 versions.)
+       TODO: check
+CVE-2026-40733 (Unauthenticated PHP Object Injection in ShiftUp <= 1.3 
versions.)
+       TODO: check
+CVE-2026-40731 (Unauthenticated Local File Inclusion in ChapterOne <= 1.7 
versions.)
+       TODO: check
+CVE-2026-40726 (Unauthenticated Broken Access Control in User Registration 
Stripe <= 1 ...)
+       TODO: check
+CVE-2026-40725 (Unauthenticated PHP Object Injection in WooCommerce Product 
Filters <  ...)
+       TODO: check
+CVE-2026-40724 (CP Client Arbitrary File Download in Client Portal (Pro) <= 
5.6.2 vers ...)
+       TODO: check
+CVE-2026-40723 (Subscriber Broken Access Control in Bricks Builder <= 2.1.4 
versions.)
+       TODO: check
+CVE-2026-40722 (Missing Authorization vulnerability in Yoast BV Yoast SEO 
Premium allo ...)
+       TODO: check
+CVE-2026-40721 (Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 
versions ...)
+       TODO: check
+CVE-2026-40720 (Unauthenticated Cross Site Scripting (XSS) in Royal Elementor 
Addons P ...)
+       TODO: check
+CVE-2026-40641 (Dell PowerFlex Manager, version(s) 4.6.0.1, contain(s) an Use 
of a Bro ...)
+       TODO: check
+CVE-2026-3894 (Out-of-bounds Read vulnerability in RTI Connext Professional 
(Core Lib ...)
+       TODO: check
+CVE-2026-3490 (picklescan before 1.0.4 fails to block pkgutil.resolve_name, 
allowing  ...)
+       TODO: check
+CVE-2026-39597 (Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons 
for Elemen ...)
+       TODO: check
+CVE-2026-39596 (Unauthenticated SQL Injection in Blocksy Companion Pro < 
2.1.29 versio ...)
+       TODO: check
+CVE-2026-39595 (Author Broken Access Control in W3 Total Cache <= 2.9.1 
versions.)
+       TODO: check
+CVE-2026-39590 (Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 
versions.)
+       TODO: check
+CVE-2026-39589 (Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.)
+       TODO: check
+CVE-2026-39582 (Unauthenticated Local File Inclusion in Hitek < 1.8.3 
versions.)
+       TODO: check
+CVE-2026-39576 (Unauthenticated PHP Object Injection in SingleMalt <= 1.5 
versions.)
+       TODO: check
+CVE-2026-39573 (Unauthenticated PHP Object Injection in Mildhill <= 1.5 
versions.)
+       TODO: check
+CVE-2026-39560 (Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 
versions.)
+       TODO: check
+CVE-2026-39559 (Unauthenticated Local File Inclusion in Uppercase < 1.2.2 
versions.)
+       TODO: check
+CVE-2026-39558 (Unauthenticated Local File Inclusion in Malm\xf6 <= 2.2 
versions.)
+       TODO: check
+CVE-2026-39556 (Unauthenticated PHP Object Injection in Konsept <= 1.9 
versions.)
+       TODO: check
+CVE-2026-39546 (Subscriber Privilege Escalation in MultiLoca <= 4.2.15 
versions.)
+       TODO: check
+CVE-2026-39545 (Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 
versions.)
+       TODO: check
+CVE-2026-39537 (Unauthenticated Local File Inclusion in Mikado Core <= 1.6 
versions.)
+       TODO: check
+CVE-2026-39523 (Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 
versions.)
+       TODO: check
+CVE-2026-39445 (Unauthenticated PHP Object Injection in Alukas < 3.0.0 
versions.)
+       TODO: check
+CVE-2026-39442 (Unauthenticated PHP Object Injection in PressMart <= 1.2.26 
versions.)
+       TODO: check
+CVE-2026-39199 (snes9x 1.63 allows an out-of-bounds write and denial of 
service via a  ...)
+       TODO: check
+CVE-2026-36418 (JimuReport versions 2.3.4 and below are vulnerable to remote 
code exec ...)
+       TODO: check
+CVE-2026-35162 (Dell PowerFlex Manager, version(s) [Versions], contain(s) an 
Improper  ...)
+       TODO: check
+CVE-2026-35069 (Dell PowerFlex Manager, version(s) [Versions], contain(s) an 
Improper  ...)
+       TODO: check
+CVE-2026-35068 (Dell PowerFlex Manager, version(s) [Versions], contain(s) an 
Improper  ...)
+       TODO: check
+CVE-2026-35067 (Dell PowerFlex Manager, version(s) [Versions], contain(s) an 
Improper  ...)
+       TODO: check
+CVE-2026-35066 (Dell PowerFlex Manager, version(s) [Versions], contain(s) an 
Improper  ...)
+       TODO: check
+CVE-2026-35065 (Dell PowerFlex Manager, version(s) [Versions], contain(s) a 
Missing Au ...)
+       TODO: check
+CVE-2026-34888 (Unauthenticated Sensitive Data Exposure in Bricksforge <= 
3.1.8.4 vers ...)
+       TODO: check
+CVE-2026-32967 (Incorrect Authorization vulnerability of `/v2` experimental 
interface  ...)
+       TODO: check
+CVE-2026-32966 (DataSource API Missing Authorization Check Leads to Arbitrary 
Data Sou ...)
+       TODO: check
+CVE-2026-32804 (Dell PowerFlex Manager, version(s) [Versions], contain(s) an 
Improper  ...)
+       TODO: check
+CVE-2026-32652 (Dell AIOps Collector versions prior to 1.18.3 contain a "Use 
of Defaul ...)
+       TODO: check
+CVE-2026-30803 (Integer Underflow (Wrap or Wraparound) vulnerability in RTI 
Connext Mi ...)
+       TODO: check
+CVE-2026-30802 (Out-of-bounds Read vulnerability in RTI Connext Micro (Core 
Libraries) ...)
+       TODO: check
+CVE-2026-30799 (Missing Authentication for Critical Function vulnerability in 
RTI Conn ...)
+       TODO: check
+CVE-2026-2675 (Missing Authentication for Critical Function vulnerability in 
RTI Conn ...)
+       TODO: check
+CVE-2026-2674 (Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write 
vulnerab ...)
+       TODO: check
+CVE-2026-2467 (Heap-based Buffer Overflow vulnerability in RTI Connext 
Professional ( ...)
+       TODO: check
+CVE-2026-28615 (In Telecomm, there is a possible way to initiate an 
unauthorized phone ...)
+       TODO: check
+CVE-2026-28587 (In MmsSmsProvider of MmsSmsProvider.java, there is a possible 
way to r ...)
+       TODO: check
+CVE-2026-28576 (In Contacts Provider, there is a possible way to access the 
contacts d ...)
+       TODO: check
+CVE-2026-28575 (In PackageInstaller.Session#transfer of 
frameworks/base/services/core/ ...)
+       TODO: check
+CVE-2026-27870 (An attacker with access via network to the Regesta Smart 
HD-PLC of the ...)
+       TODO: check
+CVE-2026-27869 (An attacker with access via network to the Regesta Smart 
HD-PLC of the ...)
+       TODO: check
+CVE-2026-27868 (An attacker with access via network to the Regesta Smart 
HD-PLC of the ...)
+       TODO: check
+CVE-2026-27410 (Unauthenticated Deserialization of untrusted data in Slimstat 
Analytic ...)
+       TODO: check
+CVE-2026-27400 (Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 
versions.)
+       TODO: check
+CVE-2026-27041 (Contributor Arbitrary File Upload in Unlimited Elements for 
Elementor  ...)
+       TODO: check
+CVE-2026-25446 (Subscriber Arbitrary File Upload in WishList Member X <= 
3.29.0 versio ...)
+       TODO: check
+CVE-2026-25439 (Unauthenticated Broken Authentication in Booknetic <= 4.8.5 
versions.)
+       TODO: check
+CVE-2026-24611 (Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 
versions ...)
+       TODO: check
+CVE-2026-24610 (Subscriber Broken Access Control in MetForm Pro <= 3.9.1 
versions.)
+       TODO: check
+CVE-2026-24575 (Subscriber Broken Access Control in WishList Member X <= 
3.29.0 versio ...)
+       TODO: check
+CVE-2026-22343 (Unauthenticated Broken Access Control in WordPress Dating 
Theme <= 11. ...)
+       TODO: check
+CVE-2026-22342 (Unauthenticated Cross Site Request Forgery (CSRF) in WordPress 
Dating  ...)
+       TODO: check
+CVE-2026-22340 (Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions.)
+       TODO: check
+CVE-2026-22339 (Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 
6.3.5 versi ...)
+       TODO: check
+CVE-2026-22338 (Unauthenticated Local File Inclusion in EcoBlue <= 1.15 
versions.)
+       TODO: check
+CVE-2026-22335 (Subscriber SQL Injection in WooCommerce Frontend Manager 
\u2013 Ultima ...)
+       TODO: check
+CVE-2026-22334 (Subscriber Arbitrary File Download in Woocommerce Book Price 
<= 1.3 ve ...)
+       TODO: check
+CVE-2026-22332 (Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 
versions.)
+       TODO: check
+CVE-2026-22331 (Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 
versions.)
+       TODO: check
+CVE-2026-22330 (Unauthenticated Local File Inclusion in Right Way <= 4.0 
versions.)
+       TODO: check
+CVE-2026-22329 (Unauthenticated Cross Site Scripting (XSS) in Skillate <= 
1.2.10 versi ...)
+       TODO: check
+CVE-2026-22328 (Unauthenticated Cross Site Scripting (XSS) in Auto Repair <= 
22.6 vers ...)
+       TODO: check
+CVE-2026-22327 (Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 
versions.)
+       TODO: check
+CVE-2026-22326 (Unauthenticated Local File Inclusion in Reprizo <= 1.0.8 
versions.)
+       TODO: check
+CVE-2026-22325 (Unauthenticated Local File Inclusion in Promo <= 1.3.0 
versions.)
+       TODO: check
+CVE-2026-22283 (Dell PowerFlex Manager, version(s) Version prior to 4.8, 
contain(s) an ...)
+       TODO: check
+CVE-2026-20266 (In Splunk AI Toolkit versions below 5.7.4, a user who holds 
the "admin ...)
+       TODO: check
+CVE-2026-20265 (In Splunk AI Toolkit versions below 5.7.4, a low-privileged 
user that  ...)
+       TODO: check
+CVE-2026-20246 (A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual 
Appliance ...)
+       TODO: check
+CVE-2026-20220 (A vulnerability in the web-based management interface of Cisco 
Crosswo ...)
+       TODO: check
+CVE-2026-20190 (A vulnerability in Cisco ISE and ISE-PIC could allow an 
unauthenticate ...)
+       TODO: check
+CVE-2026-20181 (A vulnerability in Cisco ISE and ISE-PIC could allow an 
authenticated, ...)
+       TODO: check
+CVE-2026-20178 (A vulnerability in the browser-based version of Cisco Webex 
App could  ...)
+       TODO: check
+CVE-2026-1288 (A maliciously crafted RFA file, when converted to FormIt via 
\u201cCon ...)
+       TODO: check
+CVE-2026-12528 (A flaw was found in 389 Directory Server in the 
__aclp__normalize_aclt ...)
+       TODO: check
+CVE-2026-12515 (A flaw was found in Katello's of Red Hat Satellite. A content 
upload f ...)
+       TODO: check
+CVE-2026-12491 (A flaw was found in vLLM, an open-source library for large 
language mo ...)
+       TODO: check
+CVE-2026-12199 (A vulnerability in `nltk.app.wordnet_app` up to version 3.9.3 
allows u ...)
+       TODO: check
+CVE-2026-12165 (The Contest Gallery \u2013 Upload & Vote Photos, Media, Sell 
with PayP ...)
+       TODO: check
+CVE-2026-12151 (Impact: The undici WebSocket client enforces maxPayloadSize on 
the cum ...)
+       TODO: check
+CVE-2026-12115 (The Counter Box \u2013 Add Countdowns, Timers & Dynamic 
Counters to Wo ...)
+       TODO: check
+CVE-2026-11975 (Stored cross-site scripting (XSS) in NewsItemApiControllerIn 
SimplComm ...)
+       TODO: check
+CVE-2026-11858 (Quanos SCHEMA ST4 on-premises contains a local privilege 
escalation vu ...)
+       TODO: check
+CVE-2026-11857 (Quanos SCHEMA ST4 on-premises contains a local privilege 
escalation vu ...)
+       TODO: check
+CVE-2026-11525 (Impact: When undici parses a Set-Cookie header, it accepts any 
SameSit ...)
+       TODO: check
+CVE-2026-11311 (When NGINX Plus is configured as the data plane for NGINX 
Gateway Fabr ...)
+       TODO: check
+CVE-2026-10850 (Plane CE 1.3.1 allows a low-privileged project member to 
submit arbitr ...)
+       TODO: check
+CVE-2026-10839 (Open redirection vulnerability in the authentication system 
allows an  ...)
+       TODO: check
+CVE-2026-10837 (Open redirection vulnerability due to insufficient validation 
of the X ...)
+       TODO: check
+CVE-2026-10836 (Improper handling of HTTP headers that allows a remote 
attacker to man ...)
+       TODO: check
+CVE-2026-10641 (Zephyr's Bluetooth Classic Hands-Free Profile (HFP) Hands-Free 
role pa ...)
+       TODO: check
+CVE-2026-10094 (A Path Traversal vulnerability affecting SOLIDWORKS Visualize 
from SOL ...)
+       TODO: check
+CVE-2026-0092 (In Package Manager, there is a possible device lock controller 
bypass  ...)
+       TODO: check
+CVE-2026-0083 (In Nfc::eventCallback() of Nfc.h, there is a possible use after 
free d ...)
+       TODO: check
+CVE-2026-0082 (In tryStartActivity of NfcDispatcher.java, there is a possible 
automat ...)
+       TODO: check
+CVE-2026-0081 (In NFC, there is a possible way to spoof an NFC event due to a 
missing ...)
+       TODO: check
+CVE-2026-0071 (In SettingsLib, there is a possible missing permission check 
due to a  ...)
+       TODO: check
+CVE-2026-0068 (In createSessionInternal of PackageInstallerService.java, there 
is a p ...)
+       TODO: check
+CVE-2026-0064 (In multiple places, there is a possible persistent denial of 
service d ...)
+       TODO: check
+CVE-2026-0063 (In setAllowedCarriers of PhoneInterfaceManager.java, there is a 
possib ...)
+       TODO: check
+CVE-2025-71325 (picklescan before 0.0.27 contains a parsing logic error in the 
_list_g ...)
+       TODO: check
+CVE-2025-71323 (picklescan before 0.0.33 fails to block the ctypes module, 
allowing at ...)
+       TODO: check
+CVE-2025-71322 (PickleScan before 0.0.33 fails to include the pty.spawn 
function in it ...)
+       TODO: check
+CVE-2025-71321 (picklescan before 0.0.33 contains an arbitrary file writing 
vulnerabil ...)
+       TODO: check
+CVE-2025-71320 (picklescan before 0.0.33 contains an incomplete deny-list that 
fails t ...)
+       TODO: check
+CVE-2025-69189 (Missing Authorization vulnerability in EMV JobBank allows 
Exploiting I ...)
+       TODO: check
+CVE-2025-69179 (Unauthenticated Privilege Escalation in Support Ticket 
Management Syst ...)
+       TODO: check
+CVE-2025-69175 (Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 
versions.)
+       TODO: check
+CVE-2025-69174 (Unauthenticated Local File Inclusion in Etude <= 1.6 versions.)
+       TODO: check
+CVE-2025-69173 (Unauthenticated Local File Inclusion in Tipsy <= 1.1 versions.)
+       TODO: check
+CVE-2025-69172 (Unauthenticated Local File Inclusion in Resurs <= 1.3 
versions.)
+       TODO: check
+CVE-2025-69171 (Unauthenticated Local File Inclusion in Orpheus <= 1.3 
versions.)
+       TODO: check
+CVE-2025-69170 (Unauthenticated Local File Inclusion in Eventicity <= 1.5 
versions.)
+       TODO: check
+CVE-2025-69166 (Unauthenticated Local File Inclusion in Gunslinger <= 1.7 
versions.)
+       TODO: check
+CVE-2025-69164 (Unauthenticated Local File Inclusion in Skyward <= 1.10 
versions.)
+       TODO: check
+CVE-2025-69161 (Unauthenticated Local File Inclusion in Snowy <= 1.13 
versions.)
+       TODO: check
+CVE-2025-69158 (Unauthenticated Local File Inclusion in Granola <= 1.13 
versions.)
+       TODO: check
+CVE-2025-69157 (Unauthenticated Local File Inclusion in Gamic <= 1.15 
versions.)
+       TODO: check
+CVE-2025-69148 (Unauthenticated Local File Inclusion in Quirky <= 1.23 
versions.)
+       TODO: check
+CVE-2025-69145 (Unauthenticated Local File Inclusion in Gat <= 1.16 versions.)
+       TODO: check
+CVE-2025-69144 (Unauthenticated Local File Inclusion in Preservation <= 1.10 
versions.)
+       TODO: check
+CVE-2025-69140 (Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 
1.1.5 v ...)
+       TODO: check
+CVE-2025-69138 (Subscriber Privilege Escalation in Genemy <= 1.6.6 versions.)
+       TODO: check
+CVE-2025-69135 (Subscriber SQL Injection in Events Schedule - WordPress Events 
Calenda ...)
+       TODO: check
+CVE-2025-69130 (Subscriber PHP Object Injection in Entrepreneur - Booking for 
Small Bu ...)
+       TODO: check
+CVE-2025-69129 (Unauthenticated Arbitrary File Upload in WordPress & 
WooCommerce Scrap ...)
+       TODO: check
+CVE-2025-69128 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-69127 (Unauthenticated PHP Object Injection in Plumbing <= 1.6 
versions.)
+       TODO: check
+CVE-2025-69126 (Unauthenticated Local File Inclusion in Fortius <= 2.3.0 
versions.)
+       TODO: check
+CVE-2025-69123 (Unauthenticated Local File Inclusion in Snow Club <= 1.1 
versions.)
+       TODO: check
+CVE-2025-69120 (Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 
versions.)
+       TODO: check
+CVE-2025-69117 (Unauthenticated Local File Inclusion in Ingenioso <= 1.14.0 
versions.)
+       TODO: check
+CVE-2025-69115 (Unauthenticated Local File Inclusion in LuxMed | Medicine & 
Healthcare ...)
+       TODO: check
+CVE-2025-69111 (Unauthenticated PHP Object Injection in Reisen <= 1.4.1 
versions.)
+       TODO: check
+CVE-2025-69110 (Unauthenticated Local File Inclusion in AirSupply <= 2.0.0 
versions.)
+       TODO: check
+CVE-2025-69106 (Unauthenticated Local File Inclusion in Imba <= 1.5.0 
versions.)
+       TODO: check
+CVE-2025-68524 (Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 
versions.)
+       TODO: check
+CVE-2025-66391 (In Citrix Cloud through 2025-11-10, an account with read-only 
access c ...)
+       TODO: check
+CVE-2025-62340 (HCL iControl was affected by Inadequate Session Timeout 
vulnerability. ...)
+       TODO: check
+CVE-2025-60236 (Deserialization of Untrusted Data vulnerability in EMV 
Creatify allows ...)
+       TODO: check
+CVE-2025-60231 (Deserialization of Untrusted Data vulnerability in EMV The 
Hospital nr ...)
+       TODO: check
+CVE-2025-60230 (Deserialization of Untrusted Data vulnerability in Themeton 
The Barber ...)
+       TODO: check
+CVE-2025-60229 (Deserialization of Untrusted Data vulnerability in Themeton 
Lagom allo ...)
+       TODO: check
+CVE-2025-60223 (Subscriber Arbitrary File Deletion in WPBot Pro Wordpress 
Chatbot <= 1 ...)
+       TODO: check
+CVE-2025-60218 (Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 
versions.)
+       TODO: check
+CVE-2025-60205 (Unauthenticated PHP Object Injection in ThemeREX Addons <= 
2.36.1.1 ve ...)
+       TODO: check
+CVE-2025-59872 (HCL ZIE for Web is affetced by an Unrestricted File Upload 
vulnerabili ...)
+       TODO: check
+CVE-2025-59563 (Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions.)
+       TODO: check
+CVE-2025-59560 (Unauthenticated Cross Site Scripting (XSS) in Sonaar <= 4.27.4 
version ...)
+       TODO: check
+CVE-2025-59554 (Unauthenticated SQL Injection in Advanced Ads \u2013 Tracking 
< 3.0.7  ...)
+       TODO: check
+CVE-2025-58954 (Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 
versions.)
+       TODO: check
+CVE-2025-58953 (Unauthenticated Local File Inclusion in Joly <= 1.22.0 
versions.)
+       TODO: check
+CVE-2025-58952 (Unauthenticated Local File Inclusion in Neuronet < 1.14.0 
versions.)
+       TODO: check
+CVE-2025-49403 (Unauthenticated Arbitrary File Download in Premium Age 
Verification /  ...)
+       TODO: check
+CVE-2025-32748 (Dell PowerFlex rack, version(s) RCM 3.7/3.7, contain(s) a Host 
Header  ...)
+       TODO: check
+CVE-2025-31013 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-26240 (In JazzCore python-pdfkit 1.0.0, the from_string method 
enables the ex ...)
+       TODO: check
+CVE-2025-15657 (Unauthenticated Insecure Direct Object References (IDOR) in 
School Man ...)
+       TODO: check
+CVE-2024-52488 (Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions.)
+       TODO: check
+CVE-2024-49269 (Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 
0.0.8 ve ...)
+       TODO: check
+CVE-2024-47477 (Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an 
improper ...)
+       TODO: check
+CVE-2024-37496 (Missing Authorization vulnerability in Rara Themes Metro 
Magazine allo ...)
+       TODO: check
+CVE-2024-37210 (Missing Authorization vulnerability in ali2woo AliNext allows 
Exploiti ...)
+       TODO: check
+CVE-2024-35690 (Insertion of sensitive information into sent data 
vulnerability in Mar ...)
+       TODO: check
+CVE-2024-35648 (Cross-Site request forgery (CSRF) vulnerability in Andy Moyle 
Emergenc ...)
+       TODO: check
+CVE-2024-34810 (Cross-Site request forgery (CSRF) vulnerability in Extend 
Themes Skyli ...)
+       TODO: check
+CVE-2024-33909 (Missing Authorization vulnerability in Avirtum iPages Flipbook 
allows  ...)
+       TODO: check
+CVE-2024-33685 (Missing Authorization vulnerability in Jegstudio Startupzy 
startupzy a ...)
+       TODO: check
+CVE-2024-32949 (Missing Authorization vulnerability in Prince Integrate Google 
Drive a ...)
+       TODO: check
+CVE-2024-32729 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2024-31435 (: Missing Authorization vulnerability in Inisev Social Media & 
Share I ...)
+       TODO: check
+CVE-2024-24709 (Missing Authorization vulnerability in Shareaholic allows 
Exploiting I ...)
+       TODO: check
 CVE-2026-47178
        - libheif <unfixed> (bug #1140223)
        NOTE: https://project-zero.issues.chromium.org/issues/507396184
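Review bot: every entry added at the top of this hunk is left at `TODO: check`, and several of the visible ones, such as CVE-2025-60223 (WPBot Pro Wordpress Chatbot), look like WordPress plugin issues, which this file elsewhere resolves as `NOT-FOR-US: WordPress plugin` (see CVE-2026-8385). Triage those in bulk in a follow-up so the open TODO count reflects entries that really need a Debian decision. Two imported descriptions also carry feed artifacts that the importer should normalise: the literal `\u2013` in CVE-2025-59554 and the leading `: ` in CVE-2024-31435.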
@@ -1074,16 +1666,19 @@ CVE-2026-12412
 CVE-2026-12398 (A command injection vulnerability was found in galaxy_ng. The 
do_git_c ...)
        NOT-FOR-US: Red Hat Ansible Automation Platform
 CVE-2026-12330 (Incorrect boundary conditions in the Internationalization 
component. T ...)
+       {DSA-6350-1}
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12330
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12330
 CVE-2026-12329 (Memory safety bug fixed in Thunderbird ESR 140.12. This 
vulnerability  ...)
+       {DSA-6350-1}
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12329
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12329
 CVE-2026-12328 (Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 
140.11,  ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
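Review bot: `{DSA-6350-1}` is attached to CVE-2026-12330, CVE-2026-12329 and CVE-2026-12328 while each entry still lists `- thunderbird <unfixed>`. The cross-reference alone does not say which source package the advisory covers; confirm it is the firefox-esr update and that thunderbird stays tracked as open until its own upload lands. The same question applies to the other entries tagged with this DSA further down the patch.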
@@ -1091,6 +1686,7 @@ CVE-2026-12328 (Memory safety bugs present in Firefox ESR 
115.36, Firefox ESR 14
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12328
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12328
 CVE-2026-12327 (Memory safety bugs present in Firefox ESR 140.11, Thunderbird 
ESR 140. ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1101,6 +1697,7 @@ CVE-2026-12326 (Memory safety bugs present in Firefox 151 
and Thunderbird 151. S
        - firefox 152.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12326
 CVE-2026-12325 (Denial-of-service in the Graphics: ImageLib component. This 
vulnerabil ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1108,6 +1705,7 @@ CVE-2026-12325 (Denial-of-service in the Graphics: 
ImageLib component. This vuln
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12325
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12325
 CVE-2026-12324 (Incorrect boundary conditions in the Graphics: CanvasWebGL 
component.  ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1141,6 +1739,7 @@ CVE-2026-12316 (Mitigation bypass in the DOM: Security 
component. This vulnerabi
        - firefox 152.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12316
 CVE-2026-12315 (Mitigation bypass in the DOM: Security component. This 
vulnerability w ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1148,6 +1747,7 @@ CVE-2026-12315 (Mitigation bypass in the DOM: Security 
component. This vulnerabi
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12315
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12315
 CVE-2026-12314 (Memory safety bug fixed in Thunderbird 152. This vulnerability 
was fix ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1155,6 +1755,7 @@ CVE-2026-12314 (Memory safety bug fixed in Thunderbird 
152. This vulnerability w
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12314
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12314
 CVE-2026-12313 (Information disclosure, sandbox escape in the Security: 
Process Sandbo ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1162,6 +1763,7 @@ CVE-2026-12313 (Information disclosure, sandbox escape in 
the Security: Process
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12313
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12313
 CVE-2026-12312 (Memory safety bug fixed in Thunderbird 152. This vulnerability 
was fix ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1169,6 +1771,7 @@ CVE-2026-12312 (Memory safety bug fixed in Thunderbird 
152. This vulnerability w
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12312
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12312
 CVE-2026-12311 (Information disclosure, sandbox escape in the Security: 
Process Sandbo ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1176,6 +1779,7 @@ CVE-2026-12311 (Information disclosure, sandbox escape in 
the Security: Process
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12311
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12311
 CVE-2026-12310 (Memory safety bug fixed in Thunderbird 152. This vulnerability 
was fix ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1183,6 +1787,7 @@ CVE-2026-12310 (Memory safety bug fixed in Thunderbird 
152. This vulnerability w
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12310
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12310
 CVE-2026-12309 (Memory safety bug fixed in Thunderbird 152. This vulnerability 
was fix ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1190,6 +1795,7 @@ CVE-2026-12309 (Memory safety bug fixed in Thunderbird 
152. This vulnerability w
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12309
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12309
 CVE-2026-12308 (Memory safety bug fixed in Thunderbird 152. This vulnerability 
was fix ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1197,6 +1803,7 @@ CVE-2026-12308 (Memory safety bug fixed in Thunderbird 
152. This vulnerability w
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12308
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12308
 CVE-2026-12307 (Memory safety bug fixed in Thunderbird 152. This vulnerability 
was fix ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1204,6 +1811,7 @@ CVE-2026-12307 (Memory safety bug fixed in Thunderbird 
152. This vulnerability w
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12307
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12307
 CVE-2026-12306 (Memory safety bug fixed in Thunderbird 152. This vulnerability 
was fix ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1211,6 +1819,7 @@ CVE-2026-12306 (Memory safety bug fixed in Thunderbird 
152. This vulnerability w
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12306
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12306
 CVE-2026-12305 (Memory safety bug fixed in Thunderbird 152. This vulnerability 
was fix ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1218,6 +1827,7 @@ CVE-2026-12305 (Memory safety bug fixed in Thunderbird 
152. This vulnerability w
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12305
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12305
 CVE-2026-12304 (Same-origin policy bypass in the Networking: Cookies 
component. This v ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1228,6 +1838,7 @@ CVE-2026-12303 (Information disclosure due to incorrect 
boundary conditions in t
        - firefox 152.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12303
 CVE-2026-12302 (Mitigation bypass in the DOM: Security component. This 
vulnerability w ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1241,6 +1852,7 @@ CVE-2026-12300 (Memory safety bug fixed in Thunderbird 
152. This vulnerability w
        - firefox 152.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12300
 CVE-2026-12299 (JIT miscompilation in the DOM: Core & HTML component. This 
vulnerabili ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1248,6 +1860,7 @@ CVE-2026-12299 (JIT miscompilation in the DOM: Core & 
HTML component. This vulne
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12299
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12299
 CVE-2026-12298 (Memory safety bug fixed in Thunderbird 152. This vulnerability 
was fix ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1255,6 +1868,7 @@ CVE-2026-12298 (Memory safety bug fixed in Thunderbird 
152. This vulnerability w
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12298
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12298
 CVE-2026-12297 (Sandbox escape due to incorrect boundary conditions in the 
Networking  ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1262,6 +1876,7 @@ CVE-2026-12297 (Sandbox escape due to incorrect boundary 
conditions in the Netwo
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12297
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12297
 CVE-2026-12296 (Sandbox escape in the Security: Process Sandboxing component. 
This vul ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1269,6 +1884,7 @@ CVE-2026-12296 (Sandbox escape in the Security: Process 
Sandboxing component. Th
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12296
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12296
 CVE-2026-12295 (Sandbox escape in the DOM: Navigation component. This 
vulnerability wa ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1276,6 +1892,7 @@ CVE-2026-12295 (Sandbox escape in the DOM: Navigation 
component. This vulnerabil
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12295
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12295
 CVE-2026-12294 (Sandbox escape in the DOM: Workers component. This 
vulnerability was f ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1286,6 +1903,7 @@ CVE-2026-12293 (Use-after-free in the Graphics: WebGPU 
component. This vulnerabi
        - firefox 152.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12293
 CVE-2026-12292 (Incorrect boundary conditions in the Web Audio component. This 
vulnera ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1293,6 +1911,7 @@ CVE-2026-12292 (Incorrect boundary conditions in the Web 
Audio component. This v
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12292
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12292
 CVE-2026-12291 (Use-after-free in the Networking: HTTP component. This 
vulnerability w ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1300,6 +1919,7 @@ CVE-2026-12291 (Use-after-free in the Networking: HTTP 
component. This vulnerabi
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12291
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12291
 CVE-2026-12290 (Memory safety bug fixed in Thunderbird 152. This vulnerability 
was fix ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -1307,6 +1927,7 @@ CVE-2026-12290 (Memory safety bug fixed in Thunderbird 
152. This vulnerability w
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12290
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12290
 CVE-2026-12289 (Privilege escalation in the Graphics: WebRender component. 
This vulner ...)
+       {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
        - thunderbird <unfixed>
@@ -2078,15 +2699,15 @@ CVE-2026-8386 (The WP Go Maps  WordPress plugin before 
10.0.10 does not perform
 CVE-2026-8385 (The WP Go Maps  WordPress plugin before 10.0.10 does not 
properly enfo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-8358 (LibreOffice Calc can import tracked changes from a spreadsheet 
documen ...)
-       {DSA-6346-1}
+       {DSA-6346-1 DLA-4633-1}
        - libreoffice 4:26.2.4.2-1
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2026-8358
 CVE-2026-8357 (LibreOffice Calc compiles cell formulas when opening a 
spreadsheet. A  ...)
-       {DSA-6346-1}
+       {DSA-6346-1 DLA-4633-1}
        - libreoffice 4:26.2.4.2-1
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2026-8357
 CVE-2026-8356 (LibreOffice can import presentations in the legacy binary PPT 
format.  ...)
-       {DSA-6346-1}
+       {DSA-6346-1 DLA-4633-1}
        - libreoffice 4:26.2.4.2-1
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2026-8356
 CVE-2026-6517 (Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict 
the al ...)
@@ -2097,7 +2718,7 @@ CVE-2026-6047 (LibreOffice can import documents in the 
OOXML format (DOCX). A he
        [bookworm] - libreoffice <not-affected> (Vulnerable code not present)
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2026-6047
 CVE-2026-6045 (LibreOffice can import EMF+ graphics, which may be embedded in 
documen ...)
-       {DSA-6346-1}
+       {DSA-6346-1 DLA-4633-1}
        - libreoffice 4:26.2.3.2-2
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2026-6045
 CVE-2026-6040 (A heap use-after-free existed when importing the blank-width 
character ...)
@@ -2106,7 +2727,7 @@ CVE-2026-6040 (A heap use-after-free existed when 
importing the blank-width char
        [bookworm] - libreoffice <not-affected> (Vulnerable code not present)
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2026-6040
 CVE-2026-6039 (LibreOffice can import drawings in the DXF format used by CAD 
software ...)
-       {DSA-6346-1}
+       {DSA-6346-1 DLA-4633-1}
        - libreoffice 4:26.2.3.2-2
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2026-6039
 CVE-2026-5482 (Responsive FileManager's allows an unauthenticatedattacker to 
upload f ...)
@@ -9785,7 +10406,7 @@ CVE-2026-44393 (An issue was discovered in OpenStack 
oslo.messaging 1.0.0 throug
        [bookworm] - python-oslo.messaging 14.0.3-0+deb12u1
        NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0096
        NOTE: https://launchpad.net/bugs/2150316
-CVE-2026-55748 [Horizon RC file generation does not escape special characters 
in project]
+CVE-2026-55748 (OpenStack Horizon before 25.7.4 produces scripts for OpenStack 
RC file ...)
        - horizon 3:25.7.3-2 (bug #1138845)
        [trixie] - horizon <no-dsa> (Minor issue)
        [bookworm] - horizon <no-dsa> (Minor issue)
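Review bot: the new description for CVE-2026-55748 says Horizon is affected "before 25.7.4", but the unchanged package line records the fix as `- horizon 3:25.7.3-2 (bug #1138845)`. Add a NOTE stating that 3:25.7.3-2 carries the fix as a backported patch, with the upstream reference, so the fixed version is not read as contradicting the description.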
@@ -10259,7 +10880,7 @@ CVE-2026-10725 (Protocol::HTTP2 versions before 1.13 
for Perl is vulnerable to a
        [bullseye] - libprotocol-http2-perl <postponed> (Minor issue)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/40751319/
        NOTE: 
https://security.metacpan.org/patches/P/Protocol-HTTP2/1.12/CVE-2026-10725-r1.patch
-CVE-2026-47774
+CVE-2026-47774 (Envoy is an open source edge and service proxy designed for 
cloud-nati ...)
        - envoyproxy <itp> (bug #987544)
        NOTE: 
https://github.com/envoyproxy/envoy/security/advisories/GHSA-22m2-hvr2-xqc8
 CVE-2026-XXXX [HTTP/2 Bomb denial of service]
@@ -20273,7 +20894,7 @@ CVE-2026-5090 (Template::Plugin::HTML versions through 
3.102 for Perl allows HTM
        NOTE: https://github.com/cpan-authors/Template2/pull/337
        NOTE: Fixed by: 
https://github.com/cpan-authors/Template2/commit/11c78a7a771d4af505efeb754a0b8775689c2eae
 CVE-2026-46529 (Atril Document Viewer is the default document reader of the 
MATE deskt ...)
-       {DSA-6286-1 DLA-4632-1 DLA-4597-1 DLA-4596-1}
+       {DSA-6349-1 DSA-6286-1 DLA-4632-1 DLA-4597-1 DLA-4596-1}
        - evince 49~alpha-3
        - evince-gtk3 48.4+dfsg-1 (unimportant)
        - atril 1.28.4-1 (bug #1139874)
@@ -29439,8 +30060,8 @@ CVE-2026-43128 (In the Linux kernel, the following 
vulnerability has been resolv
        [bookworm] - linux 6.1.170-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/104016eb671e19709721c1b0048dd912dc2e96be (7.0-rc2)
-CVE-2026-43122
-       REJECTED
+CVE-2026-43122 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
+       TODO: check
 CVE-2026-43121 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.19.6-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
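Review bot: CVE-2026-43122 goes from `REJECTED` to a Linux kernel description with only `TODO: check`, so the entry now has no package line, unlike the neighbouring CVE-2026-43121 with `- linux 6.19.6-1`. Confirm the ID was reinstated upstream rather than picked up from a stale feed, then add the `- linux` status and the fixing-commit NOTE.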
@@ -140738,6 +141359,7 @@ CVE-2025-41392 (In Ashlar-Vellum Cobalt, Xenon, 
Argon, Lithium, and Cobalt Share
        NOT-FOR-US: Ashlar-Vellum
 CVE-2025-38553
        REJECTED
+       {DLA-4327-1}
 CVE-2025-53192 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of 
Expression/ ...)
        - ognl <unfixed> (bug #1111588)
        [trixie] - ognl <no-dsa> (Minor issue)
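Review bot: `{DLA-4327-1}` is added to CVE-2025-38553 underneath `REJECTED`, so an advisory cross-reference now points at a withdrawn ID, and it sits after the status line whereas the other entries in this patch carry the `{...}` line directly under the CVE header. Check whether the DLA should reference a replacement CVE, or add a NOTE explaining why the reference is kept.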



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9add2485a6972902aeb1994a294ff10a87b380f



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
