Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ee64c729 by security tracker role at 2026-06-20T07:13:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2026-9843 (The Database for Contact Form 7, WPforms, Elementor forms 
plugin for W ...)
+       TODO: check
+CVE-2026-9375 (urllib3 version 2.6.3 is vulnerable to a decompression bomb 
bypass in  ...)
+       TODO: check
+CVE-2026-9265 (Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a 
heap OO ...)
+       TODO: check
+CVE-2026-56216 (Capgo before 12.128.2 contains a scope escalation 
vulnerability in the ...)
+       TODO: check
+CVE-2026-56215 (Capgo before 12.128.12 allows authenticated users to modify 
their muta ...)
+       TODO: check
+CVE-2026-56214 (Capgo before 12.128.2 contains an information disclosure 
vulnerability ...)
+       TODO: check
+CVE-2026-56213 (Capgo before 12.128.2 contains an authorization bypass 
vulnerability i ...)
+       TODO: check
+CVE-2026-56212 (Capgo before 12.128.2 contains an authentication logic flaw: a 
user wi ...)
+       TODO: check
+CVE-2026-56082 (Capgo (Cap-go/capgo) before 12.128.2 contains an improper 
access contr ...)
+       TODO: check
+CVE-2026-56081 (Cap-go before 12.128.2 contains an authentication logic flaw 
that lets ...)
+       TODO: check
+CVE-2026-56080 (Capgo before 12.128.2 contains a flaw in the Enforce Password 
Policy f ...)
+       TODO: check
+CVE-2026-56079 (Capgo before 12.128.2 contains a cross-tenant authorization 
bypass vul ...)
+       TODO: check
+CVE-2026-56073 (Cap-go before 12.128.2 contains an authentication bypass 
vulnerability ...)
+       TODO: check
+CVE-2026-50559 (Quarkus is a Java framework for building cloud-native 
applications. Pr ...)
+       TODO: check
+CVE-2026-50519 (Initialization of a resource with an insecure default in 
GitHub Copilo ...)
+       TODO: check
+CVE-2026-49346 (libde265 is an open source implementation of the h.265 video 
codec. Pr ...)
+       TODO: check
+CVE-2026-49345 (Mercator is an open source web application that enables 
mapping of the ...)
+       TODO: check
+CVE-2026-49344 (Mercator is an open source web application that enables 
mapping of the ...)
+       TODO: check
+CVE-2026-49342 (YARD is a documentation generation tool for the Ruby 
programming langu ...)
+       TODO: check
+CVE-2026-49340 (gonic is a music streaming server / free-software subsonic 
server API  ...)
+       TODO: check
+CVE-2026-49338 (gonic is a music streaming server / free-software subsonic 
server API  ...)
+       TODO: check
+CVE-2026-49337 (libde265 is an open source implementation of the h.265 video 
codec. Pr ...)
+       TODO: check
+CVE-2026-49295 (libde265 is an open source implementation of the h.265 video 
codec. Pr ...)
+       TODO: check
+CVE-2026-48794 (Authelia is an open-source authentication and authorization 
server pro ...)
+       TODO: check
+CVE-2026-48787 (gin-vue-admin is an AI-assisted basic development platform. In 
version ...)
+       TODO: check
+CVE-2026-48774 (ProxySQL is a proxy for MySQL and its forks, as well as 
PostgreSQL. In ...)
+       TODO: check
+CVE-2026-48773 (ProxySQL is a proxy for MySQL and its forks, as well as 
PostgreSQL. Ve ...)
+       TODO: check
+CVE-2026-48772 (ProxySQL is a proxy for MySQL and its forks, as well as 
PostgreSQL. In ...)
+       TODO: check
+CVE-2026-48584 (Execution with unnecessary privileges in Azure Synapse allows 
an autho ...)
+       TODO: check
+CVE-2026-48582 (Missing authorization in Microsoft Exchange Online allows an 
authorize ...)
+       TODO: check
+CVE-2026-48129 (Kestra is an open-source, event-driven orchestration platform. 
Prior t ...)
+       TODO: check
+CVE-2026-48089 (DevGuard provides vulnerability management for the full 
software suppl ...)
+       TODO: check
+CVE-2026-47645 (Url redirection to untrusted site ('open redirect') in 
Microsoft 365 C ...)
+       TODO: check
+CVE-2026-47203 (Authelia is an open-source authentication and authorization 
server pro ...)
+       TODO: check
+CVE-2026-45480 (Improper authentication in Azure Active Directory allows an 
unauthoriz ...)
+       TODO: check
+CVE-2026-42895 (Improper neutralization of special elements used in a command 
('comman ...)
+       TODO: check
+CVE-2026-32208 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-27878 (A TraceQL query in Grafana Tempo with a large exemplars hint 
value can ...)
+       TODO: check
+CVE-2026-12726 (A flaw was found in the AWX GitHub webhook integration. When 
processin ...)
+       TODO: check
+CVE-2026-11551 (The Branda plugin for WordPress is vulnerable to privilege 
escalation  ...)
+       TODO: check
 CVE-2026-9143 (There is an incorrect conversion between numeric types 
vulnerability i ...)
        NOT-FOR-US: National Instruments
 CVE-2026-9142 (There is an insecure default credentials vulnerability in NI 
grpc-devi ...)
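Review bot: Several of the added entries in this hunk can be resolved rather than left at "TODO: check". CVE-2026-48584 (Azure Synapse), CVE-2026-48582 (Microsoft Exchange Online), CVE-2026-47645 (Microsoft 365 C ...) and CVE-2026-45480 (Azure Active Directory) name Microsoft products, and unchanged entries further down this file already use "NOT-FOR-US: Microsoft" for that vendor. CVE-2026-11551 (Branda plugin for WordPress) fits the existing "NOT-FOR-US: WordPress plugin or theme" tag; CVE-2026-9843 probably does too, but its text is cut off at "plugin for W ...", so confirm it first. CVE-2026-42895 and CVE-2026-32208 are truncated before any product name and need the full description before tagging. The urllib3, Crypt::OpenSSL::PKCS12, libde265 and YARD entries describe libraries rather than hosted services, so they are the ones to check against the archive first.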
@@ -6445,7 +6525,7 @@ CVE-2026-45484 (Deserialization of untrusted data in 
Microsoft Office SharePoint
        NOT-FOR-US: Microsoft
 CVE-2026-45483 (Improper neutralization of input during web page generation 
('cross-si ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45482 (Improper limitation of a pathname to a restricted directory 
('path tra ...)
+CVE-2026-45482 (Initialization of a resource with an insecure default in 
GitHub Copilo ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45481 (Improper neutralization of input during web page generation 
('cross-si ...)
        NOT-FOR-US: Microsoft
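Review bot: The replacement description for CVE-2026-45482 changes the weakness class entirely (path traversal to "Initialization of a resource with an insecure default in GitHub Copilo ...") while the "NOT-FOR-US: Microsoft" line under it is carried over untouched, so the triage should be re-confirmed against the new text rather than assumed. The same truncated description is also added in the first hunk for CVE-2026-50519 with "TODO: check"; the two entries should end up with consistent triage, and it is worth checking that the description was not attached to the wrong ID by the automatic update.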
@@ -8733,7 +8813,7 @@ CVE-2026-45291 (Cloudburst Network provides network 
components used within Cloud
        NOT-FOR-US: Cloudburst Network
 CVE-2026-45290 (Cloudburst Network provides network components used within 
Cloudburst  ...)
        NOT-FOR-US: Cloudburst Network
-CVE-2026-42824 (Improper neutralization of special elements used in a command 
('comman ...)
+CVE-2026-42824 (Missing authentication for critical function in M365 Copilot 
allows an ...)
        NOT-FOR-US: Microsoft
 CVE-2026-41567 (Moby is an open source container framework. In versions prior 
to 29.5. ...)
        - docker.io <unfixed> (bug #1139965)
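Review bot: The description removed from CVE-2026-42824 ("Improper neutralization of special elements used in a command ('comman ...") reappears with identical visible text on the newly added CVE-2026-42895 in the first hunk, which is still "TODO: check". The new CVE-2026-42824 text names M365 Copilot, so "NOT-FOR-US: Microsoft" is still supported here, but CVE-2026-42895 should be tagged from its full description and not by inheriting this entry's triage, since the visible part of its text names no product.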
@@ -19268,7 +19348,7 @@ CVE-2025-62745 (Improper Neutralization of Input During 
Web Page Generation ('Cr
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-48099
        - python-wsgidav <itp> (bug #1032213)
-CVE-2026-48715 [Stack Buffer Overflow in radvdump Route Information Option 
Parser]
+CVE-2026-48715 (radvd is a router advertisement daemon for IPv6. Prior to 
version 2.21 ...)
        - radvd <unfixed> (bug #1138049; unimportant)
        NOTE: 
https://github.com/radvd-project/radvd/security/advisories/GHSA-52px-gh9p-m379
        NOTE: Crash in CLI tool, no security impact
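Review bot: With the bracketed title replaced on the CVE-2026-48715 line, the entry no longer says that the affected component is radvdump; the new text describes radvd as a daemon, while the triage rests on "NOTE: Crash in CLI tool, no security impact". Suggest naming radvdump in that NOTE so the "unimportant" rating stays justified by the entry itself. The new description also reads "Prior to version 2.21 ...", which implies a fixed upstream release, yet the package line remains "radvd <unfixed>"; a NOTE recording the fixed upstream version or commit would make the later update straightforward.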



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee64c7295e8b299a7914eb84a920fb38a3fc558d



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
