Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
521f3d54 by security tracker role at 2026-06-18T07:13:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,147 @@
+CVE-2026-9860 (The Offload, AI & Optimize with Cloudflare Images plugin for 
WordPress ...)
+       TODO: check
+CVE-2026-9199 (The Equalize Digital Accessibility Checker \u2013 WCAG, ADA, 
EAA and S ...)
+       TODO: check
+CVE-2026-8050 (In SignalRGB versions prior to 1.3.7.0, seven of the thirteen 
IOCTL ha ...)
+       TODO: check
+CVE-2026-8049 (In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device 
object ...)
+       TODO: check
+CVE-2026-55740 (Nur-Alam39 bus-ticket (no released versions; latest commit 
459cabdbeb9 ...)
+       TODO: check
+CVE-2026-55202 (Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to 
properly v ...)
+       TODO: check
+CVE-2026-55201 (Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a 
path trave ...)
+       TODO: check
+CVE-2026-55200 (libssh2 through 1.11.1, fixed in commit 7acf3df contains an 
out-of-bou ...)
+       TODO: check
+CVE-2026-55199 (libssh2 through 1.11.1, fixed in commit 1762685, contains a 
pre-authen ...)
+       TODO: check
+CVE-2026-54533 (vantage6 is an open-source infrastructure for privacy 
preserving analy ...)
+       TODO: check
+CVE-2026-54445 (vantage6 is an open-source infrastructure for privacy 
preserving analy ...)
+       TODO: check
+CVE-2026-54388 (Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to 
reject req ...)
+       TODO: check
+CVE-2026-54387 (Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to 
reconcile  ...)
+       TODO: check
+CVE-2026-54386 (marimo before 0.23.9 contains a reflected cross-site scripting 
vulnera ...)
+       TODO: check
+CVE-2026-53676 (ThingsBoard contains a prototype pollution vulnerability which 
may lea ...)
+       TODO: check
+CVE-2026-50268 (Steeltoe is an open source project that provides a collection 
of libra ...)
+       TODO: check
+CVE-2026-50267 (Steeltoe is an open source project that provides a collection 
of libra ...)
+       TODO: check
+CVE-2026-50202 (Steeltoe is an open source project that provides a collection 
of libra ...)
+       TODO: check
+CVE-2026-50201 (Steeltoe is an open source project that provides a collection 
of libra ...)
+       TODO: check
+CVE-2026-50200 (Steeltoe is an open source project that provides a collection 
of libra ...)
+       TODO: check
+CVE-2026-50196 (Steeltoe is an open source project that provides a collection 
of libra ...)
+       TODO: check
+CVE-2026-50194 (Steeltoe is an open source project that provides a collection 
of libra ...)
+       TODO: check
+CVE-2026-50107 (When NGINX Plus or NGINX Open Source is configured as the data 
plane f ...)
+       TODO: check
+CVE-2026-49133 (Typemill before 2.24.0 contains a path traversal vulnerability 
that al ...)
+       TODO: check
+CVE-2026-48997 (e107 is a content management system (CMS). Versions  2.3.5 and 
earlier ...)
+       TODO: check
+CVE-2026-48991 (XianYuLauncher is a Minecraft Java Edition launcher. In 
versions prior ...)
+       TODO: check
+CVE-2026-48990 (joserfc is a Python library that provides an implementation of 
several ...)
+       TODO: check
+CVE-2026-48989 (Windows-MCP is an open-source project that integrates AI 
agents with W ...)
+       TODO: check
+CVE-2026-48988 (markdown-it is a Markdown parser. Versions 14.1.1 and below 
contain a  ...)
+       TODO: check
+CVE-2026-48979 (PHP Standard Library (PSL) is set of APIs covering async, 
collections, ...)
+       TODO: check
+CVE-2026-48823 (Shaarli is a personal bookmarking service. Versions 0.16.1 and 
prior c ...)
+       TODO: check
+CVE-2026-48822 (Shaarli is a personal bookmarking service. Versions 0.16.1 and 
prior c ...)
+       TODO: check
+CVE-2026-48821 (Shaarli is a personal bookmarking service. Versions 0.16.1 and 
prior c ...)
+       TODO: check
+CVE-2026-48820 (CakePHP is a rapid development framework for PHP. In versions 
4.5.11 a ...)
+       TODO: check
+CVE-2026-48817 (Starlette is a lightweight ASGI framework/toolkit. In versions 
1.0.1 a ...)
+       TODO: check
+CVE-2026-48814 (Network-AI is a TypeScript/Node.js multi-agent orchestrator. 
In versio ...)
+       TODO: check
+CVE-2026-48768 (TypeBot is a chatbot builder tool. In versions 3.16.1 and 
earlier, POS ...)
+       TODO: check
+CVE-2026-48764 (TypeBot is a chatbot builder tool. In versions prior to 
3.17.2, SSRF v ...)
+       TODO: check
+CVE-2026-48759 (TypeBot is a chatbot builder tool. Versions 3.15.2 and below 
have an I ...)
+       TODO: check
+CVE-2026-45617 (LiquidJS is a Shopify/GitHub Pages compatible template engine 
written  ...)
+       TODO: check
+CVE-2026-45357 (LiquidJS is a Shopify/GitHub Pages compatible template engine 
written  ...)
+       TODO: check
+CVE-2026-44646 (LiquidJS is a Shopify/GitHub Pages compatible template engine 
written  ...)
+       TODO: check
+CVE-2026-44645 (LiquidJS is a Shopify/GitHub Pages compatible template engine 
written  ...)
+       TODO: check
+CVE-2026-44644 (LiquidJS is a Shopify/GitHub Pages compatible template engine 
written  ...)
+       TODO: check
+CVE-2026-32682 (When NGINX Gateway Fabric is configured using GRPCRoutes, an 
authentic ...)
+       TODO: check
+CVE-2026-12569 (A critical remote code execution (RCE) vulnerability has been 
reported ...)
+       TODO: check
+CVE-2026-12568 (The postman_download module uses the workspace name field from 
the Pos ...)
+       TODO: check
+CVE-2026-12567 (The github_workflows module constructs local directory paths 
from user ...)
+       TODO: check
+CVE-2026-12566 (The docker_pull module uses the realm parameter from a Docker 
registry ...)
+       TODO: check
+CVE-2026-12565 (The unarchive internal module's archive extraction commands 
perform no ...)
+       TODO: check
+CVE-2026-12530 (Improper neutralization of argument delimiters in the 
install_packages ...)
+       TODO: check
+CVE-2026-12529 (A security vulnerability has been detected in SourceCodester 
CET Autom ...)
+       TODO: check
+CVE-2026-12505 (A flaw was found in the cifs-utils package where the 
cifs.upcall helpe ...)
+       TODO: check
+CVE-2026-12407 (The E2Pdf \u2013 Export Pdf Tool for WordPress plugin for 
WordPress is ...)
+       TODO: check
+CVE-2026-12120 (The FireBox Popups \u2013 Increase Sales and Grow Your Email 
List plug ...)
+       TODO: check
+CVE-2026-12093 (The Simple Membership plugin for WordPress is vulnerable to 
authorizat ...)
+       TODO: check
+CVE-2026-11784 (The Optimole \u2013 Optimize Images | Convert WebP & AVIF | 
CDN & Lazy ...)
+       TODO: check
+CVE-2026-11777 (The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop 
Contact For ...)
+       TODO: check
+CVE-2026-11776 (The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop 
Contact For ...)
+       TODO: check
+CVE-2026-11407 (Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass 
vulnerability ...)
+       TODO: check
+CVE-2026-11402 (The Services Section Block \u2013 Showcase Service Details in 
Grid or  ...)
+       TODO: check
+CVE-2026-11360 (The Advanced Order Export For WooCommerce plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2026-11358 (The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie 
Notice, ...)
+       TODO: check
+CVE-2026-11357 (The Kadence Blocks \u2014 Page Builder Toolkit for Gutenberg 
Editor pl ...)
+       TODO: check
+CVE-2026-10741 (Sonatype Nexus Repository Manager before 3.93.0 contains an 
authorizat ...)
+       TODO: check
+CVE-2026-10736 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
+       TODO: check
+CVE-2026-10696 (Use of an incorrectly resolved name or reference in the pinget 
backend ...)
+       TODO: check
+CVE-2026-10623 (The PressPrimer Quiz \u2013 AI Quiz Maker, Exam Builder & LMS 
Assessme ...)
+       TODO: check
+CVE-2026-10029 (The Event Koi Lite \u2013 Events Calendar, Event Management, 
RSVP, and ...)
+       TODO: check
+CVE-2026-10023 (The Dokan: AI Powered WooCommerce Multivendor Marketplace 
Solution \u2 ...)
+       TODO: check
+CVE-2024-27928 (vantage6 is an open-source infrastructure for privacy 
preserving analy ...)
+       TODO: check
+CVE-2024-24769 (vantage6 is an open-source infrastructure for privacy 
preserving analy ...)
+       TODO: check
 CVE-2026-9697 (Impact: undici's ProxyAgent silently drops the requestTls 
option when  ...)
        - node-undici <unfixed>
        NOTE: 
https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g
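Review bot: all entries added at the top of this hunk carry only `TODO: check`, and some of them name software that Debian packages, so those should be triaged before the WordPress plugin entries: libssh2 (CVE-2026-55200, CVE-2026-55199), Tinyproxy (CVE-2026-55202, CVE-2026-54388, CVE-2026-54387) and cifs-utils (CVE-2026-12505). Each of these needs a source package line or an explicit not-affected note rather than staying in the TODO queue. Two smaller points: several descriptions keep a literal `\u2013` or `\u2014` escape instead of the dash (for example CVE-2026-9199 and CVE-2026-11357), and CVE-2024-27928 and CVE-2024-24769 are inserted after the 2026 IDs at the head of the file, so check that they end up in their sorted position.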
@@ -11641,7 +11785,7 @@ CVE-2026-48188 (An improper Input Validation 
vulnerability in OTRS or ((OTRS)) C
 CVE-2026-48187 (An uncontrolled allocation of resources without limits or 
throttling i ...)
        NOT-FOR-US: OTRS
        NOTE: Could possibly affect Znuny, we'll let their security team figure 
it out
-CVE-2026-47294 (Deserialization of untrusted data in Microsoft Office 
SharePoint allow ...)
+CVE-2026-47294 (Improper neutralization of special elements used in an os 
command ('os ...)
        NOT-FOR-US: Microsoft
 CVE-2026-46605 (Incomplete authorization by Apache ActiveMQ server before 
versions v6. ...)
        - activemq <unfixed>
@@ -18999,7 +19143,7 @@ CVE-2026-9277 (shell-quote's `quote()` function did not 
validate object-token in
        NOTE: 
https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p
        NOTE: 
https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d
 (v1.8.4)
 CVE-2026-9256 (NGINX Plus and NGINX Open Source have a vulnerability in the 
ngx_http_ ...)
-       {DSA-6326-1}
+       {DSA-6326-1 DLA-4634-1}
        - nginx 1.30.1-3 (bug #1137339)
        NOTE: https://my.f5.com/manage/s/article/K000161377
        NOTE: Fixed by: 
https://github.com/nginx/nginx/commit/3f135ae2eb60ce376196c898a6c7cb4d774f7068 
(release-1.30.2)
@@ -24914,7 +25058,7 @@ CVE-2026-35438 (Missing authorization in Windows Admin 
Center allows an authoriz
        NOT-FOR-US: Microsoft
 CVE-2026-35436 (Use after free in Microsoft Office allows an authorized 
attacker to el ...)
        NOT-FOR-US: Microsoft
-CVE-2026-35433 (Heap-based buffer overflow in .NET allows an unauthorized 
attacker to  ...)
+CVE-2026-35433 (Improper input validation in .NET allows an unauthorized 
attacker to e ...)
        NOT-FOR-US: Microsoft
 CVE-2026-35429 (User interface (ui) misrepresentation of critical information 
in Micro ...)
        NOT-FOR-US: Microsoft
@@ -30091,7 +30235,8 @@ CVE-2026-43128 (In the Linux kernel, the following 
vulnerability has been resolv
        [bookworm] - linux 6.1.170-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/104016eb671e19709721c1b0048dd912dc2e96be (7.0-rc2)
-CVE-2026-43122 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
+CVE-2026-43122
+       REJECTED
        TODO: check
 CVE-2026-43121 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.19.6-1
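Review bot: CVE-2026-43122 is switched to `REJECTED` but the `TODO: check` line below it stays in place as unchanged context, so the entry will keep showing up as pending triage. The previous description was a Linux kernel entry; now that the ID is rejected, the `TODO: check` line should be dropped in a follow-up so the entry reads as just the ID and `REJECTED`.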
@@ -62686,7 +62831,8 @@ CVE-2025-36105 (IBM Planning Analytics Advanced 
Certified Containers 3.1.0 throu
        NOT-FOR-US: IBM
 CVE-2025-2399 (Improper Validation of Specified Index, Position, or Offset in 
Input v ...)
        NOT-FOR-US: Mitsubishi
-CVE-2025-15603 (A security vulnerability has been detected in open-webui up to 
0.6.16. ...)
+CVE-2025-15603
+       REJECTED
        NOT-FOR-US: open-webui
 CVE-2025-11158 (Hitachi Vantara Pentaho Data Integration & Analytics versions 
before 1 ...)
        NOT-FOR-US: Hitachi Vantana
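Review bot: the context line under CVE-2025-11158 reads `NOT-FOR-US: Hitachi Vantana`, while the description on the line above spells the vendor "Hitachi Vantara"; worth correcting in a follow-up so the vendor tag is consistent and searchable. The CVE-2025-15603 change itself keeps `NOT-FOR-US: open-webui` under `REJECTED`, so it leaves no open triage item.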



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/521f3d54743967581aa9ece789091f859b407caa
