Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
30e4cee4 by security tracker role at 2026-06-23T07:13:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,167 @@
+CVE-2026-8379 (The Frontend File Manager Plugin WordPress plugin through 23.6 
does no ...)
+       TODO: check
+CVE-2026-8378 (The Frontend File Manager Plugin WordPress plugin through 23.6 
does no ...)
+       TODO: check
+CVE-2026-8172 (The Simple Basic Contact Form WordPress plugin through 20250114 
does n ...)
+       TODO: check
+CVE-2026-8163 (The Infility Global WordPress plugin before 2.15.19 does not 
properly  ...)
+       TODO: check
+CVE-2026-7842 (The Infility Global Infility Global WordPress plugin before 
2.15.20 fo ...)
+       TODO: check
+CVE-2026-56698 (Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to 
validat ...)
+       TODO: check
+CVE-2026-56697 (Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept 
protocol ...)
+       TODO: check
+CVE-2026-56357 (n8n before 1.123.15 and 2.5.0 contains a webhook forgery 
vulnerability ...)
+       TODO: check
+CVE-2026-56348 (n8n before 2.20.0 contains a credential exfiltration 
vulnerability in  ...)
+       TODO: check
+CVE-2026-56326 (Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain 
a serve ...)
+       TODO: check
+CVE-2026-56324 (Capgo before 12.128.2 contains a rate limit bypass 
vulnerability in th ...)
+       TODO: check
+CVE-2026-56323 (Capgo before 12.128.2 contains an information disclosure 
vulnerability ...)
+       TODO: check
+CVE-2026-56321 (Capgo (backend Supabase edge functions) before 12.128.2 does 
not apply ...)
+       TODO: check
+CVE-2026-56314 (Capgo before 12.128.12 fails to filter deleted app versions 
when joini ...)
+       TODO: check
+CVE-2026-56311 (Capgo before 12.128.2 contains an authorization bypass 
vulnerability i ...)
+       TODO: check
+CVE-2026-56306 (Capgo before 12.128.2 contains a weak parsing vulnerability in 
the x-l ...)
+       TODO: check
+CVE-2026-56280 (Cap-go before 12.128.2 contains a privilege inversion 
vulnerability in ...)
+       TODO: check
+CVE-2026-56268 (Flowise before 3.1.2 contains an information disclosure 
vulnerability  ...)
+       TODO: check
+CVE-2026-56266 (Crawl4AI before 0.8.7 contains a server-side request forgery 
vulnerabi ...)
+       TODO: check
+CVE-2026-56255 (Capgo before 12.128.2 contains a denial of service 
vulnerability in th ...)
+       TODO: check
+CVE-2026-56221 (Cap-go before 12.128.2 contains multiple SQL injection 
vulnerabilities ...)
+       TODO: check
+CVE-2026-55655 (A flaw was found in OpenSSH. A local unprivileged attacker on 
a Linux  ...)
+       TODO: check
+CVE-2026-55654 (A flaw was found in OpenSSH. This vulnerability, a heap 
out-of-bounds  ...)
+       TODO: check
+CVE-2026-55653 (A flaw was found in OpenSSH. A malicious SSH server can 
exploit a doub ...)
+       TODO: check
+CVE-2026-55603 (http-proxy-middleware is node.js http-proxy middleware. From 
3.0.4 unt ...)
+       TODO: check
+CVE-2026-55599 (phpseclib is a PHP secure communications library. From 0.1.1 
until 1.0 ...)
+       TODO: check
+CVE-2026-55409 (Filament is a collection of full-stack components for 
accelerated Lara ...)
+       TODO: check
+CVE-2026-54911 (UltraJSON is a fast JSON encoder and decoder written in pure C 
with bi ...)
+       TODO: check
+CVE-2026-54651 (pypdf is a free and open-source pure-python PDF library. Prior 
to 6.13 ...)
+       TODO: check
+CVE-2026-54531 (pypdf is a free and open-source pure-python PDF library. Prior 
to 6.13 ...)
+       TODO: check
+CVE-2026-54530 (pypdf is a free and open-source pure-python PDF library. Prior 
to 6.13 ...)
+       TODO: check
+CVE-2026-54281 (Nest is a framework for building scalable Node.js server-side 
applicat ...)
+       TODO: check
+CVE-2026-54236 (vLLM is an inference and serving engine for large language 
models (LLM ...)
+       TODO: check
+CVE-2026-54235 (vLLM is an inference and serving engine for large language 
models (LLM ...)
+       TODO: check
+CVE-2026-54233 (vLLM is an inference and serving engine for large language 
models (LLM ...)
+       TODO: check
+CVE-2026-54232 (vLLM is an inference and serving engine for large language 
models (LLM ...)
+       TODO: check
+CVE-2026-53923 (vLLM is an inference and serving engine for large language 
models (LLM ...)
+       TODO: check
+CVE-2026-49468 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in 
OpenAI (or  ...)
+       TODO: check
+CVE-2026-49461 (pypdf is a free and open-source pure-python PDF library. Prior 
to 6.12 ...)
+       TODO: check
+CVE-2026-49460 (pypdf is a free and open-source pure-python PDF library. Prior 
to 6.12 ...)
+       TODO: check
+CVE-2026-48746 (vLLM is an inference and serving engine for large language 
models (LLM ...)
+       TODO: check
+CVE-2026-48517 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
+       TODO: check
+CVE-2026-48516 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
+       TODO: check
+CVE-2026-48515 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
+       TODO: check
+CVE-2026-48514 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
+       TODO: check
+CVE-2026-48513 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
+       TODO: check
+CVE-2026-48512 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
+       TODO: check
+CVE-2026-48511 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
+       TODO: check
+CVE-2026-48510 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
+       TODO: check
+CVE-2026-48509 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
+       TODO: check
+CVE-2026-48506 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
+       TODO: check
+CVE-2026-48505 (Filament is a collection of full-stack components for 
accelerated Lara ...)
+       TODO: check
+CVE-2026-48502 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
+       TODO: check
+CVE-2026-48500 (Filament is a collection of full-stack components for 
accelerated Lara ...)
+       TODO: check
+CVE-2026-48167 (Filament is a collection of full-stack components for 
accelerated Lara ...)
+       TODO: check
+CVE-2026-48166 (Filament is a collection of full-stack components for 
accelerated Lara ...)
+       TODO: check
+CVE-2026-48109 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
+       TODO: check
+CVE-2026-48067 (Filament is a collection of full-stack components for 
accelerated Lara ...)
+       TODO: check
+CVE-2026-47242 (Net::IMAP implements Internet Message Access Protocol (IMAP) 
client fu ...)
+       TODO: check
+CVE-2026-47241 (Net::IMAP implements Internet Message Access Protocol (IMAP) 
client fu ...)
+       TODO: check
+CVE-2026-47240 (Net::IMAP implements Internet Message Access Protocol (IMAP) 
client fu ...)
+       TODO: check
+CVE-2026-47155 (vLLM is an inference and serving engine for large language 
models (LLM ...)
+       TODO: check
+CVE-2026-45034 (PhpSpreadsheet is a pure PHP library for reading and writing 
spreadshe ...)
+       TODO: check
+CVE-2026-44889 (WebOb provides objects for HTTP requests and responses. Prior 
to 1.8.1 ...)
+       TODO: check
+CVE-2026-44727 (Jupyter Server is the backend for Jupyter web applications. 
Prior to 2 ...)
+       TODO: check
+CVE-2026-44311 (Fabric.js is a Javascript HTML5 canvas library. Prior to 
7.4.0, a pote ...)
+       TODO: check
+CVE-2026-44274 (Dell Wyse Management Suite (WMS), versions prior to WMS 2605, 
contain  ...)
+       TODO: check
+CVE-2026-44273 (Dell Wyse Management Suite (WMS), versions prior to WMS 2605, 
contain  ...)
+       TODO: check
+CVE-2026-44272 (Dell Wyse Management Suite (WMS), versions prior to WMS 2605, 
contain  ...)
+       TODO: check
+CVE-2026-44271 (Dell Wyse Management Suite (WMS), versions prior to WMS 2605, 
contain  ...)
+       TODO: check
+CVE-2026-41523 (vLLM is an inference and serving engine for large language 
models (LLM ...)
+       TODO: check
+CVE-2026-41479 (Authlib is a Python library which builds OAuth and OpenID 
Connect serv ...)
+       TODO: check
+CVE-2026-39904 (Gophish through 0.12.1 contains a denial of service 
vulnerability that ...)
+       TODO: check
+CVE-2026-12866 (All versions of the package expr-eval are vulnerable to Code 
Execution ...)
+       TODO: check
+CVE-2026-11833 (Overview:  A vulnerability has been found in FAST/TOOLS and CI 
Server. ...)
+       TODO: check
+CVE-2026-10852 (IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application 
Server, and IB ...)
+       TODO: check
+CVE-2026-10658 (A missing length validation in the Zephyr Bluetooth Host ISO 
receive p ...)
+       TODO: check
+CVE-2026-10651 (A malformed Bluetooth Classic SDP attribute can trigger a 
reachable as ...)
+       TODO: check
+CVE-2026-10645 (Zephyr's ext2 directory-entry parser does not fully validate 
on-disk d ...)
+       TODO: check
+CVE-2025-71358 (picklescan before 0.0.29 fails to detect malicious pickle 
files that e ...)
+       TODO: check
+CVE-2025-71344 (picklescan before 0.0.30 (affected versions 0.0.26 and 
earlier) fails  ...)
+       TODO: check
+CVE-2025-71339 (Picklescan before 0.0.33 fails to detect the 
numpy.f2py.crackfortran._ ...)
+       TODO: check
 CVE-2026-9610 (IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 
9.1.7, 9 ...)
        NOT-FOR-US: IBM
 CVE-2026-9320 (IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere 
Applic ...)
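Review bot: every entry added at the top of the list (164 new lines per the hunk header) carries only `TODO: check`, so none of them yet says whether a Debian package is affected. Triage the three OpenSSH entries (CVE-2026-55653, CVE-2026-55654, CVE-2026-55655) first. The IBM (CVE-2026-10852), Dell Wyse Management Suite (CVE-2026-44271 to CVE-2026-44274) and WordPress plugin entries look like candidates for a NOT-FOR-US tag in the style of the `NOT-FOR-US: IBM` line on CVE-2026-9610 in the context directly below.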
@@ -1199,7 +1363,7 @@ CVE-2026-55766
        - php-guzzlehttp-psr7 2.12.1-1
        [trixie] - php-guzzlehttp-psr7 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/guzzle/psr7/security/advisories/GHSA-vm85-hxw5-5432
-CVE-2026-48931
+CVE-2026-48931 (A flaw in Node.js HTTP Agent can cause a client to accept as 
valid a r ...)
        - nodejs 24.17.0+dfsg+~cs24.13.2-1
        NOTE: 
https://nodejs.org/en/blog/vulnerability/june-2026-security-releases#http-response-queue-poisoning-via-toctou-race-condition-in-httpagent-cve-2026-48931---low
        NOTE: 
https://github.com/nodejs/node/commit/0a22d40180cb796e0d68e94c1a7a8a05a8f47c10 
(v22.23.0)
@@ -1245,6 +1409,7 @@ CVE-2026-9158 (In Eclipse 4diac FORTE versions 3.0.0 to 
3.1.0, a specially craft
 CVE-2026-8811 (SEPPmail versions before 15.0.5 allow improper handling of 
attachment  ...)
        NOT-FOR-US: SEPPmail
 CVE-2026-8461 (An out-of-bounds write vulnerability in FFmpeg's libavcodec 
library, s ...)
+       {DSA-6361-1}
        - ffmpeg 7:8.1.2-1
        NOTE: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23159
        NOTE: Fixed by: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/c23d4da3128c279b714b282e6ec292e8755007e3
 (master)
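Review bot: the `{DSA-6361-1}` tag added to CVE-2026-8461 has no counterpart visible in this commit, which changes only data/CVE/list. Confirm that the DSA-6361-1 entry itself lists CVE-2026-8461 and names the fixed version for the suite it targets, since the only version line under this CVE is `- ffmpeg 7:8.1.2-1`.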
@@ -44835,6 +45000,7 @@ CVE-2026-30999 (A heap buffer overflow in the 
av_bprint_finalize() function of F
 CVE-2026-30998 (An improper resource deallocation and closure vulnerability in 
the too ...)
        NOTE: Bogus CVE assignment for ffmpeg, gets cleaned up by the OS anyway
 CVE-2026-30997 (An out-of-bounds read in the read_global_param() function 
(libavcodec/ ...)
+       {DSA-6361-1}
        - ffmpeg <unfixed>
        [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 5.1 branch)
        [bullseye] - ffmpeg <postponed> (Minor issue)
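Review bot: CVE-2026-30997 now references `{DSA-6361-1}` while the line directly under the tag still reads `- ffmpeg <unfixed>`. If the advisory ships a fix for this CVE, check whether the unstable status is still accurate, or record the fixed version; CVE-2026-8461 under the same DSA is marked fixed in 7:8.1.2-1.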
@@ -49122,7 +49288,7 @@ CVE-2026-34986 (Go JOSE provides an implementation of 
the Javascript Object Sign
        NOTE: 
https://github.com/go-jose/go-jose/commit/02464163e1e891db85257cb8860978a1c0226016
 (v3.0.5)
 CVE-2026-34981 (The whisperX API is a tool for enhancing and analyzing audio 
content.  ...)
        NOT-FOR-US: whisperX API
-CVE-2026-34977 (Aperi'Solve is an open-source steganalysis web platform. Prior 
to 3.2. ...)
+CVE-2026-34977 (Aperi'Solve is an open-source steganalysis web platform. In 
versions 3 ...)
        NOT-FOR-US: AperiSolve
 CVE-2026-34976 (Dgraph is an open source distributed GraphQL database. Prior 
to 25.3.1 ...)
        NOT-FOR-US: Dgraph
@@ -202566,7 +202732,7 @@ CVE-2025-25054 (Movable Type contains a reflected 
cross-site scripting vulnerabi
 CVE-2025-24841 (Movable Type contains a stored cross-site scripting 
vulnerability in t ...)
        - movabletype-opensource <removed>
 CVE-2025-22921 (FFmpeg git-master,N-113007-g8d24a28d06 was discovered to 
contain a seg ...)
-       {DLA-4073-1}
+       {DSA-6361-1 DLA-4073-1}
        - ffmpeg 7:8.0.1-2
        [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 5.1 branch)
        NOTE: https://trac.ffmpeg.org/ticket/11393
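Review bot: with `{DSA-6361-1 DLA-4073-1}` on CVE-2025-22921, the bookworm line still says `<postponed> (Minor issue, wait until it's fixed in the 5.1 branch)`. Check which suite DSA-6361-1 covers; if it includes bookworm, the postponed note is stale and should be replaced by the fixed version.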



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30e4cee46a90cdb3866580dff2c04fc6bc10b61c



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
