Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
face9692 by security tracker role at 2026-06-30T19:17:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,227 @@
+CVE-2026-9711 (The EventON - WordPress Virtual Event Calendar Plugin plugin 
for WordP ...)
+       TODO: check
+CVE-2026-9263 (The Zephyr Bluetooth controller ISO Adaptation Layer 
(subsys/bluetooth ...)
+       TODO: check
+CVE-2026-8864 (The HP Fan Control App might allow local escalation of 
privileges. An  ...)
+       TODO: check
+CVE-2026-8655 (Multiple Memory overflow vulnerabilities inNetScaler ADC and 
NetScaler ...)
+       TODO: check
+CVE-2026-8452 (Memory overflow vulnerabilityNetScaler ADC and NetScaler 
Gatewayleadin ...)
+       TODO: check
+CVE-2026-8451 (Insufficient input validation inNetScaler ADC and NetScaler 
Gatewaylea ...)
+       TODO: check
+CVE-2026-8403 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-8402 (Improper neutralization of special elements used in an SQL 
command ('S ...)
+       TODO: check
+CVE-2026-8141 (The Ajax Load More - Filters plugin for WordPress is vulnerable 
to Sto ...)
+       TODO: check
+CVE-2026-6954 (Cross-Site Scripting (XSS) vulnerability in Intermark IT's 
WebControl  ...)
+       TODO: check
+CVE-2026-6953 (HTML injection vulnerability in Intermark IT's WebControl CMS 
v3.5. Th ...)
+       TODO: check
+CVE-2026-6556 (@fastify/express versions 4.0.6 and earlier only rewrite the 
plugin pr ...)
+       TODO: check
+CVE-2026-58377 (JeecgBoot through 3.9.2 contains a broken access control 
vulnerability ...)
+       TODO: check
+CVE-2026-58376 (Dolibarr through 23.0.3, fixed in commit 14db36e, contains a 
sql injec ...)
+       TODO: check
+CVE-2026-58375 (JimuReport through 2.5.0 exposes the POST 
/jmreport/auto/export endpoi ...)
+       TODO: check
+CVE-2026-58374 (In hostapd before 2.12, a missing bounds check in AP-mode 
Wi-Fi 7 (IEE ...)
+       TODO: check
+CVE-2026-58373 (CVAT before 2.69.0 contains an improper authorization 
vulnerability in ...)
+       TODO: check
+CVE-2026-58372 (SeaweedFS before 4.34 contains a path traversal vulnerability 
in the S ...)
+       TODO: check
+CVE-2026-58371 (SeaweedFS before 4.30 reflects the callback query parameter 
verbatim i ...)
+       TODO: check
+CVE-2026-58370 (Woodpecker before 3.15.0 matches the ApprovalAllowedUsers 
bypass list  ...)
+       TODO: check
+CVE-2026-58369 (Woodpecker before 3.15.0 registers the 
/api/orgs/lookup/*org_full_name ...)
+       TODO: check
+CVE-2026-58176 (RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes 
workflo ...)
+       TODO: check
+CVE-2026-58174 (Hermes WebUI before 0.51.521 validates the workspace of an 
imported se ...)
+       TODO: check
+CVE-2026-58173 (Vibe-Trading before 0.1.10 contains a path traversal 
vulnerability tha ...)
+       TODO: check
+CVE-2026-58172 (Ocelot through 24.1.0, fixed in commit f156fd4, contains a 
security co ...)
+       TODO: check
+CVE-2026-58171 (Vibe-Trading before 0.1.10 constructs the swarm run directory 
by joini ...)
+       TODO: check
+CVE-2026-58170 (Vibe-Trading before 0.1.10 builds the proposal file path by 
joining a  ...)
+       TODO: check
+CVE-2026-58169 (Vibe-Trading before 0.1.10 contains a DNS rebinding 
authentication byp ...)
+       TODO: check
+CVE-2026-58168 (DeepTutor before version 1.4.10 contains an authorization 
bypass vulne ...)
+       TODO: check
+CVE-2026-58167 (Nightingale (n9e) before 9.0.0-beta.2 exposes full datasource 
configur ...)
+       TODO: check
+CVE-2026-58166 (OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, 
contains a pat ...)
+       TODO: check
+CVE-2026-58165 (OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a 
privilege  ...)
+       TODO: check
+CVE-2026-58138 (Orkes Conductor 3.21.21 before 3.30.2 contains an 
unauthenticated remo ...)
+       TODO: check
+CVE-2026-58116 (LLaMA-Factory through 0.9.5 contains a remote code execution 
vulnerabi ...)
+       TODO: check
+CVE-2026-58016 (A flaw was found in GLib. A state confusion issue exists in 
g_dbus_nod ...)
+       TODO: check
+CVE-2026-58015 (A flaw was found in GLib. The D-Bus client-side implementation 
of the  ...)
+       TODO: check
+CVE-2026-58014 (A flaw was found in GLib. An off-by-one error can occur in the 
g_key_f ...)
+       TODO: check
+CVE-2026-58013 (A flaw was found in GLib. A buffer over-read can occur in 
g_io_channel ...)
+       TODO: check
+CVE-2026-58012 (A flaw was found in GLib. A buffer over-read can occur in the 
g_regex_ ...)
+       TODO: check
+CVE-2026-58011 (A flaw was found in GLib. An out-of-bounds read of only 2 
bytes can oc ...)
+       TODO: check
+CVE-2026-58010 (A flaw was found in GLib. An off-by-one error can occur in the 
gvs_tup ...)
+       TODO: check
+CVE-2026-54475 (Missing Authorization vulnerability in Apache ActiveMQ Broker, 
Apache  ...)
+       TODO: check
+CVE-2026-53917 (Memory Allocation with Excessive Size Value vulnerability in 
Apache Ac ...)
+       TODO: check
+CVE-2026-53916 (Memory Allocation with Excessive Size Value vulnerability in 
Apache Ac ...)
+       TODO: check
+CVE-2026-53692 (Redeight CMS version 1.0 uses the MD5 algorithm without a salt 
to stor ...)
+       TODO: check
+CVE-2026-53691 (An Unrestricted File Upload vulnerability in Redeight CMS 
version 1.0  ...)
+       TODO: check
+CVE-2026-53690 (An SQL Injection vulnerability exists in Redeight CMS version 
1.0 via  ...)
+       TODO: check
+CVE-2026-53433 (fzf is vulnerable to a Denial of Service (DoS) due to 
inefficient HTTP ...)
+       TODO: check
+CVE-2026-53432 (fzf is vulnerable toInteger Overflow leading to crash in 
FuzzyMatchV2  ...)
+       TODO: check
+CVE-2026-52760 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-50750 (Denial of Service via Out of Memory vulnerability in Apache 
ActiveMQ B ...)
+       TODO: check
+CVE-2026-50734 (Memory Allocation with Excessive Size Value vulnerability in 
Apache Ac ...)
+       TODO: check
+CVE-2026-4629 (A flaw was found in Keycloak. A highly privileged user with 
`manage-cl ...)
+       TODO: check
+CVE-2026-4360 (In the Tarfile.extract() function, the filter parameter is not 
passed  ...)
+       TODO: check
+CVE-2026-49877 (Improper Authorization vulnerability in Apache ActiveMQ.  An 
authentic ...)
+       TODO: check
+CVE-2026-49451 (The OpenAPI.NET SDK contains a useful object model for OpenAPI 
documen ...)
+       TODO: check
+CVE-2026-49434 (Improper Input Validation vulnerability in Apache ActiveMQ 
Broker, Apa ...)
+       TODO: check
+CVE-2026-49432 (Improper Input Validation vulnerability in Apache ActiveMQ, 
Apache Act ...)
+       TODO: check
+CVE-2026-48315 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Imp ...)
+       TODO: check
+CVE-2026-48314 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Imp ...)
+       TODO: check
+CVE-2026-48313 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Imp ...)
+       TODO: check
+CVE-2026-48307 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by a refl ...)
+       TODO: check
+CVE-2026-48286 (Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and 
earlier are ...)
+       TODO: check
+CVE-2026-48285 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by a Serv ...)
+       TODO: check
+CVE-2026-48283 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Unr ...)
+       TODO: check
+CVE-2026-48282 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Imp ...)
+       TODO: check
+CVE-2026-48281 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Imp ...)
+       TODO: check
+CVE-2026-48277 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Imp ...)
+       TODO: check
+CVE-2026-48276 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Unr ...)
+       TODO: check
+CVE-2026-48192 (A vulnerability has been identified in Mendix Studio Pro 10.11 
(All ve ...)
+       TODO: check
+CVE-2026-47105
+       REJECTED
+CVE-2026-45822 (decode-uri-component through 0.4.1 is vulnerable to denial of 
service. ...)
+       TODO: check
+CVE-2026-44949 (A Rancher FleetWorkspace admission path allowed side effects 
to occur  ...)
+       TODO: check
+CVE-2026-44948 (A path traversal vulnerability was found in Fleet's ImageScan 
subsyste ...)
+       TODO: check
+CVE-2026-44947 (A missing clean-up in the legacy Project Role Template Binding 
(PRTB)  ...)
+       TODO: check
+CVE-2026-44946 (A SAML authentication replay vulnerability in Rancher's 
Assertion  Con ...)
+       TODO: check
+CVE-2026-41053 (Incorrect authentication caching in the team member ship 
expansion of  ...)
+       TODO: check
+CVE-2026-35098 (KTM System e-BOK does not implement any limit or timeout on 
consecutiv ...)
+       TODO: check
+CVE-2026-35097 (KTM System e-BOK enforces a maximum password length of six 
numeric dig ...)
+       TODO: check
+CVE-2026-35096 (KTM System e-BOK is vulnerable to Cross\u2011Site Request 
Forgery (CSR ...)
+       TODO: check
+CVE-2026-35095 (KTM System e-BOK allows the session identifier to be set by 
the client ...)
+       TODO: check
+CVE-2026-27957 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-27956 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-27955 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-27883 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-27882 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-27881 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-14241 (Memory safety bugs present in Firefox 152.0.3. Some of these 
bugs show ...)
+       TODO: check
+CVE-2026-14209 (A vulnerability was discovered in Keycloak's Admin UI 
extension that a ...)
+       TODO: check
+CVE-2026-14178 (openGauss \u5728\u5904\u7406\u5e26 NLS \u53c2\u6570\u7684 
to_timestamp ...)
+       TODO: check
+CVE-2026-14162 (Hospital Queuing Management developed by Advantech has a 
Sensitive Dat ...)
+       TODO: check
+CVE-2026-14161 (Hospital Quening Management developed by Advantech has a 
Sensitive Dat ...)
+       TODO: check
+CVE-2026-13474 (Denial of service via malformed HTTP/2 requests inNetScaler 
ADC and Ne ...)
+       TODO: check
+CVE-2026-13455 (PostgreSQL Anonymizer contains a vulnerability that allows 
unprivilege ...)
+       TODO: check
+CVE-2026-13316 (A flaw has been found in foreman when HTTP parameters are 
modified in  ...)
+       TODO: check
+CVE-2026-13149 (brace-expansion through 5.0.6 is vulnerable to denial of 
service. The  ...)
+       TODO: check
+CVE-2026-12610 (A flaw was found in sssd. When authenticating with a YubiKey, 
the SSSD ...)
+       TODO: check
+CVE-2026-12578 (The affected product is vulnerable to a deserialization of 
untrusted d ...)
+       TODO: check
+CVE-2026-12388 (A flaw was found in the Identity Provider (IdP) mapper 
component of Ke ...)
+       TODO: check
+CVE-2026-12076 (Raytha CMS is vulnerable to SQL Injection within the OData 
filter pars ...)
+       TODO: check
+CVE-2026-10817 (Insufficient input validation leading to memory overread 
inNetScaler A ...)
+       TODO: check
+CVE-2026-10816 (Arbitrary File Read (Unauthenticated) inNetScaler ADC and 
NetScaler Ga ...)
+       TODO: check
+CVE-2026-10763 (PROMOD V is using insecure HTTP communication instead of 
HTTPS. The vu ...)
+       TODO: check
+CVE-2026-10655 (The asynchronous SNTP client in Zephyr 
(subsys/net/lib/sntp/sntp.c, sn ...)
+       TODO: check
+CVE-2026-10654 (A race condition in the Zephyr Bluetooth Classic RFCOMM host 
stack (su ...)
+       TODO: check
+CVE-2026-10653 (The Zephyr net_buf library (lib/net_buf/buf.c) manipulated 
both of its ...)
+       TODO: check
+CVE-2026-10652 (Zephyr's DNS resolver (subsys/net/lib/dns) parses resource 
records fro ...)
+       TODO: check
+CVE-2026-10513 (The Webmention plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2025-7406 (Nokia MantaRay NM is vulnerable to a sudo privilege escalation 
vulnera ...)
+       TODO: check
+CVE-2025-53648 (SQL misconfiguration in the Gravitino UI, in versions 1.0.0 
and below, ...)
+       TODO: check
+CVE-2025-24816 (Nokia MantaRay is subject to an Improper Access Control 
vulnerability  ...)
+       TODO: check
+CVE-2025-24815 (Nokia MantaRay NM is subject to an unrestricted file upload 
vulnerabil ...)
+       TODO: check
 CVE-2026-58030 [Escape linelinks argument before passing it on to Pygments]
        - mediawiki <unfixed>
        NOTE: https://phabricator.wikimedia.org/T427167
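Review bot: several of the newly imported descriptions carry raw escape sequences and upstream whitespace damage that the automatic import does not normalise: CVE-2026-35096 reads `Cross\u2011Site Request Forgery` and CVE-2026-14178 is a run of `\uXXXX` escapes instead of the decoded characters, while the NetScaler entries (CVE-2026-8655, CVE-2026-8452, CVE-2026-8451, CVE-2026-13474, CVE-2026-10817, CVE-2026-10816) read `inNetScaler ADC` with the space lost. None of this changes triage, but decoding `\u` escapes on import would keep `data/CVE/list` greppable by product name. Separately, CVE-2026-4360 (`Tarfile.extract()` not passing the filter parameter through) and the seven GLib entries (CVE-2026-58010 through CVE-2026-58016) describe components that are packaged in the archive and are worth triaging ahead of the rest of this `TODO: check` batch.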
@@ -54,15 +278,15 @@ CVE-2026-58036 [Fix ApiQueryUsers leaking status ofprivate 
user conditions for u
        - mediawiki <not-affected> (Only affects 1.46 and later)
        NOTE: https://phabricator.wikimedia.org/T425406
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306035 (master)
-CVE-2026-13766
+CVE-2026-13766 (DBIx::QuickORM versions before 0.000026 for Perl allow SQL 
injection v ...)
        NOT-FOR-US: DBIx::QuickORM Perl module
-CVE-2026-57082
+CVE-2026-57082 (Net::BitTorrent versions through 2.0.1 for Perl generate the 
MSE Diffi ...)
        NOT-FOR-US: Net::BitTorrent Perl module
-CVE-2026-57081
+CVE-2026-57081 (Net::BitTorrent versions through 2.0.1 for Perl allow remote 
memory ex ...)
        NOT-FOR-US: Net::BitTorrent Perl module
-CVE-2026-57080
+CVE-2026-57080 (Net::BitTorrent versions through 2.0.1 for Perl allow remote 
memory ex ...)
        NOT-FOR-US: Net::BitTorrent Perl module
-CVE-2026-57079
+CVE-2026-57079 (Net::BitTorrent versions through 2.0.1 for Perl write files 
outside th ...)
        NOT-FOR-US: Net::BitTorrent Perl module
 CVE-2026-57964
        - spice-vdagent <not-affected> (MacOS/BSD specific)
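Review bot: the backfilled descriptions for CVE-2026-57081 and CVE-2026-57080 are identical at the truncation point (`Net::BitTorrent versions through 2.0.1 for Perl allow remote memory ex ...`), so the list no longer distinguishes the two by text; harmless while both stay NOT-FOR-US, but the fixed truncation length makes such collisions likely whenever a batch of advisories shares a boilerplate opening.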
@@ -13026,11 +13250,11 @@ CVE-2026-49839 (jq is a command-line JSON processor. 
Prior to 1.8.2,` jq --rawfi
        - jq 1.8.1-8
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-cfh2-vwfq-qfmm
 CVE-2026-44236
-       {DSA-6343-1}
+       {DSA-6343-1 DLA-4658-1}
        - librabbitmq 0.16.0-1
        NOTE: 
https://github.com/alanxz/rabbitmq-c/security/advisories/GHSA-jh48-qjf5-fx5v
 CVE-2026-44235
-       {DSA-6343-1}
+       {DSA-6343-1 DLA-4658-1}
        - librabbitmq 0.16.0-1
        NOTE: 
https://github.com/alanxz/rabbitmq-c/security/advisories/GHSA-9mmv-r8g3-qp46
 CVE-2026-9279 (Logseq exposes an IPC handler that allows the renderer process 
to exec ...)
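Review bot: DLA-4658-1 is added to both librabbitmq entries (CVE-2026-44236 and CVE-2026-44235) next to the existing DSA-6343-1; confirm the DLA text lists both CVE ids, since the two entries point at different GHSA advisories (GHSA-jh48-qjf5-fx5v and GHSA-9mmv-r8g3-qp46) and a DLA covering only one would leave the other marked as fixed in LTS without a matching reference.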
@@ -71417,7 +71641,8 @@ CVE-2026-29076 (cpp-httplib is a C++11 single-file 
header-only cross platform HT
        NOTE: Fixed by: 
https://github.com/yhirose/cpp-httplib/commit/de296af3eb5b0d5c116470e033db900e4812c5e6
 (v0.37.0)
 CVE-2026-29067 (ZITADEL is an open source identity management platform. From 
version 4 ...)
        NOT-FOR-US: Zitadel
-CVE-2026-28678 (DSA Study Hub is an interactive educational web application. 
Prior to  ...)
+CVE-2026-28678
+       REJECTED
        NOT-FOR-US: DSA Study Hub
 CVE-2026-24308 (Improper handling of configuration values in ZKConfig in 
Apache ZooKee ...)
        - zookeeper 3.9.5-1 (bug #1130497)
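Review bot: CVE-2026-28678 is switched to REJECTED but the `NOT-FOR-US: DSA Study Hub` line beneath it is kept, whereas the newly added CVE-2026-47105 in the first hunk carries only `REJECTED`; if a rejected id is not meant to keep a triage line, drop the NOT-FOR-US line here for consistency.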



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/face96920e82d0c375691d0428c27c41eca994e6



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
