Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d94fa05a by security tracker role at 2026-07-14T07:13:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,224 @@
-CVE-2026-58102
+CVE-2026-7640 (The WP Customer Area plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2026-62328 (9Router through version 0.4.41 contain an unauthenticated 
information  ...)
+       TODO: check
+CVE-2026-62327 (9Router through version 0.4.41 contain an unauthenticated 
information  ...)
+       TODO: check
+CVE-2026-62242 (Spring Boot Admin Server before 4.1.2 contains a server-side 
request f ...)
+       TODO: check
+CVE-2026-62240 (CrewAI before 1.15.1 contains a server-side request forgery 
vulnerabil ...)
+       TODO: check
+CVE-2026-62239 (FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, 
contains  ...)
+       TODO: check
+CVE-2026-62200 (OpenClaw versions before 2026.6.1 contain a flaw in host exec 
environm ...)
+       TODO: check
+CVE-2026-62199 (OpenClaw versions before 2026.6.6 contain a flaw in host exec 
environm ...)
+       TODO: check
+CVE-2026-62198 (OpenClaw versions 2026.5.28 before 2026.6.6 contain an 
authorization b ...)
+       TODO: check
+CVE-2026-62197 (OpenClaw before 2026.6.6 contains a policy bypass 
vulnerability in bro ...)
+       TODO: check
+CVE-2026-62196 (OpenClaw versions 2026.3.22 before 2026.6.6 contain an 
authorization b ...)
+       TODO: check
+CVE-2026-62195 (OpenClaw versions 2026.5.20 before 2026.6.6 contain an 
authorization b ...)
+       TODO: check
+CVE-2026-62194 (OpenClaw versions 2026.5.20 before 2026.6.9 contain a 
privilege escala ...)
+       TODO: check
+CVE-2026-62193 (OpenClaw versions 2026.6.5 before 2026.6.9 contain a 
vulnerability in  ...)
+       TODO: check
+CVE-2026-62192 (OpenClaw versions 2026.6.6 before 2026.6.9 contain an 
authorization by ...)
+       TODO: check
+CVE-2026-62191 (OpenClaw versions 2026.6.6 before 2026.6.9 contain an 
authorization by ...)
+       TODO: check
+CVE-2026-62190 (OpenClaw versions before 2026.6.9 contain an authorization 
bypass vuln ...)
+       TODO: check
+CVE-2026-62189 (OpenClaw versions before 2026.6.9 contain a symlink following 
vulnerab ...)
+       TODO: check
+CVE-2026-62188 (OpenClaw @openclaw/feishu versions 2026.6.6 and earlier 
contain an inc ...)
+       TODO: check
+CVE-2026-62187 (OpenClaw Feishu tools (npm package @openclaw/feishu) in 
versions <= 20 ...)
+       TODO: check
+CVE-2026-62186 (OpenClaw versions before 2026.6.8 contain an authorization 
bypass vuln ...)
+       TODO: check
+CVE-2026-62185 (Argo CD Helm Chart before 10.0.0 fails to install network 
policies by  ...)
+       TODO: check
+CVE-2026-62184 (luci-app-banip contains a log parsing vulnerability where the 
awk-base ...)
+       TODO: check
+CVE-2026-61458 (PasswordPusher before 2.9.2 contains a brute-force 
vulnerability in th ...)
+       TODO: check
+CVE-2026-59801 (9Router through version 0.4.41 contains an unauthenticated 
access vuln ...)
+       TODO: check
+CVE-2026-58500 (MCP Appium is an MCP server that provides AI assistants with 
tools to  ...)
+       TODO: check
+CVE-2026-58489 (HedgeDoc is an open source, real-time collaborative markdown 
notes app ...)
+       TODO: check
+CVE-2026-58488 (HedgeDoc is an open source, real-time, collaborative, markdown 
notes a ...)
+       TODO: check
+CVE-2026-58487 (HedgeDoc is an open source, real-time, collaborative, markdown 
notes a ...)
+       TODO: check
+CVE-2026-58486 (HedgeDoc is an open source, real-time, collaborative, markdown 
notes a ...)
+       TODO: check
+CVE-2026-58411 (ChurchCRM is an open-source church management system. Prior to 
version ...)
+       TODO: check
+CVE-2026-58410 (ChurchCRM is an open-source church management system. Prior to 
version ...)
+       TODO: check
+CVE-2026-58409 (ChurchCRM is an open-source church management system. Prior to 
version ...)
+       TODO: check
+CVE-2026-58408 (ChurchCRM is an open-source church management system. Prior to 
version ...)
+       TODO: check
+CVE-2026-58407
+       REJECTED
+CVE-2026-58233 (SAP Change and Transport System Attach Tool (ctsattach) allows 
an auth ...)
+       TODO: check
+CVE-2026-57856 (Cockpit CMS contains a path traversal vulnerability in the 
Bucket file ...)
+       TODO: check
+CVE-2026-57855 (Cockpit CMS contains a missing authorization vulnerability in 
the Buck ...)
+       TODO: check
+CVE-2026-56877 (The SCORM lab launch endpoint in Skillable 
(scorm.skillable.com) throu ...)
+       TODO: check
+CVE-2026-55773 (CedarJava is an open source Java implementation of the Cedar 
policy la ...)
+       TODO: check
+CVE-2026-55771 (CedarJava is an open source Java implementation of the Cedar 
policy la ...)
+       TODO: check
+CVE-2026-52533 (An issue in D-Link DIR-1253 v.1.0.1.250923.142435 allows an 
attacker t ...)
+       TODO: check
+CVE-2026-51821 (SQL Injection vulnerability in Shenzhou Shihan Video 
Conference System ...)
+       TODO: check
+CVE-2026-51541 (OpENer 2.3.0 (commit 76b95cf) has an out-of-bounds read issue 
in CIP m ...)
+       TODO: check
+CVE-2026-51540 (OpENer 2.3.0 (master branch up to commit 76b95cf) is 
vulnerable to a s ...)
+       TODO: check
+CVE-2026-51539 (A Denial of Service (DoS) vulnerability exists in the receive 
loop of  ...)
+       TODO: check
+CVE-2026-51538 (EIPStackGroup OpENer 2.3.0 (commit 76b95cf) suffers from an 
Incorrect  ...)
+       TODO: check
+CVE-2026-51537 (EIPStackGroup OpENer 2.3.0 (commit 76b95cf) has an 
out-of-bounds read  ...)
+       TODO: check
+CVE-2026-51536 (In OpENer 2.3.0 (commit 76b95cf) when parsing incoming CIP 
(Common Ind ...)
+       TODO: check
+CVE-2026-48364 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Unc ...)
+       TODO: check
+CVE-2026-48363 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Unc ...)
+       TODO: check
+CVE-2026-44771 (SAP S/4HANA Draft operation does not perform necessary 
authorization c ...)
+       TODO: check
+CVE-2026-44770 (SAP Create Single Payment does not perform necessary 
authorization che ...)
+       TODO: check
+CVE-2026-44769 (SAP S/4HANA application Project Management (PPM-PRO) allows an 
attacke ...)
+       TODO: check
+CVE-2026-44768 (SAP CRM WebClient UI allows an attacker to inject and execute 
maliciou ...)
+       TODO: check
+CVE-2026-44767 (setThemeRoot() failed to enforce the sap-allowed-theme-origins 
allowli ...)
+       TODO: check
+CVE-2026-44761 (SAP Commerce Cloud could retain a sample OAuth2 client with 
publicly d ...)
+       TODO: check
+CVE-2026-44760 (Due to a Cross-Site Scripting (XSS) vulnerability, 
applications based  ...)
+       TODO: check
+CVE-2026-44759 (SAP NetWeaver Enterprise Portal allows an unauthenticated 
attacker to  ...)
+       TODO: check
+CVE-2026-44753 (SAP HANA Database (user self service tools) allows an 
unauthenticated  ...)
+       TODO: check
+CVE-2026-44752 (SAP NetWeaver Application Server Java allows an 
unauthenticated attack ...)
+       TODO: check
+CVE-2026-44747 (SAP NetWeaver Application Server ABAP allows an authenticated 
attacker ...)
+       TODO: check
+CVE-2026-44745 (SAP Approuter does not properly validate incoming request 
headers duri ...)
+       TODO: check
+CVE-2026-39042 (An issue in MikroTIk (SIA Mikrotikls, Latvia) RouterOS 7.21.x 
before v ...)
+       TODO: check
+CVE-2026-27690 (Due to an HTTP Request Smuggling vulnerability in SAP 
Approuter, an un ...)
+       TODO: check
+CVE-2026-15685 (Ollama downloadBlob Improper Validation of Array Index 
Denial-of-Servi ...)
+       TODO: check
+CVE-2026-15684 (Glarysoft Glary Utilities Link Following Local Privilege 
Escalation Vu ...)
+       TODO: check
+CVE-2026-15683 (Lorex 2K Indoor Wi-Fi Security Camera Device Management Server 
Imprope ...)
+       TODO: check
+CVE-2026-15682 (AnyDesk Support Information Link Following Denial-of-Service 
Vulnerabi ...)
+       TODO: check
+CVE-2026-15681 (AnyDesk Screen Recording Link Following Denial-of-Service 
Vulnerabilit ...)
+       TODO: check
+CVE-2026-15680 (Lorex 2K Indoor Wi-Fi Security Camera CDeviceOperator Format 
String Re ...)
+       TODO: check
+CVE-2026-15678 (A security vulnerability has been detected in code-projects 
Online Job ...)
+       TODO: check
+CVE-2026-15677 (A weakness has been identified in code-projects Online Job 
Portal 1.0. ...)
+       TODO: check
+CVE-2026-15676 (A security flaw has been discovered in code-projects Online 
Job Portal ...)
+       TODO: check
+CVE-2026-15675 (A vulnerability was identified in code-projects Online Job 
Portal 1.0. ...)
+       TODO: check
+CVE-2026-15672 (A vulnerability was determined in itsourcecode Electronic 
Judging Syst ...)
+       TODO: check
+CVE-2026-15669 (A vulnerability was found in louisho5 picobot up to 0.2.0. 
This issue  ...)
+       TODO: check
+CVE-2026-15668 (A vulnerability has been found in louisho5 picobot up to 
0.2.0. This v ...)
+       TODO: check
+CVE-2026-15629 (A weakness has been identified in louisho5 picobot up to 
0.2.0. Impact ...)
+       TODO: check
+CVE-2026-15628 (A security flaw has been discovered in zhayujie 
chatgpt-on-wechat CowA ...)
+       TODO: check
+CVE-2026-15627 (A vulnerability was identified in nextlevelbuilder GoClaw up 
to 3.13.3 ...)
+       TODO: check
+CVE-2026-15626 (A vulnerability was determined in nextlevelbuilder GoClaw 
3.13.3-beta. ...)
+       TODO: check
+CVE-2026-15625 (A vulnerability was found in nextlevelbuilder GoClaw 3.11.3. 
Affected  ...)
+       TODO: check
+CVE-2026-15624 (A vulnerability has been found in nextlevelbuilder GoClaw 
3.13.3-beta. ...)
+       TODO: check
+CVE-2026-15622 (A flaw has been found in poco-ai poco-claw up to 0.5.4. 
Affected is th ...)
+       TODO: check
+CVE-2026-15621 (A vulnerability was detected in mosaxiv clawlet up to 0.2.10. 
This imp ...)
+       TODO: check
+CVE-2026-15620 (A security vulnerability has been detected in mosaxiv clawlet 
up to 0. ...)
+       TODO: check
+CVE-2026-15619 (A weakness has been identified in mosaxiv clawlet up to 
0.2.10. The im ...)
+       TODO: check
+CVE-2026-15618 (A security flaw has been discovered in mosaxiv clawlet up to 
0.2.10. T ...)
+       TODO: check
+CVE-2026-15607 (A vulnerability was detected in tanstack db up to 0.6.8. 
Affected by t ...)
+       TODO: check
+CVE-2026-15605 (A security vulnerability has been detected in wandb 
0.25.2.dev1. Affec ...)
+       TODO: check
+CVE-2026-15598 (A weakness has been identified in antv layout 2.0.0. This 
impacts the  ...)
+       TODO: check
+CVE-2026-15597 (A security flaw has been discovered in SourceCodester Class 
and Exam T ...)
+       TODO: check
+CVE-2026-15596 (A vulnerability was identified in SourceCodester Class and 
Exam Timeta ...)
+       TODO: check
+CVE-2026-15595 (A vulnerability was determined in SourceCodester Class and 
Exam Timeta ...)
+       TODO: check
+CVE-2026-15594 (A vulnerability was found in waooAI waoowaoo up to 0.4.1. 
Impacted is  ...)
+       TODO: check
+CVE-2026-12988 (The WP 2FA  WordPress plugin before 3.1.1.2 does not verify 
that the e ...)
+       TODO: check
+CVE-2026-12583 (The Newsletters WordPress plugin before 4.15 does not prevent 
deserial ...)
+       TODO: check
+CVE-2026-12536 (The Avada (Fusion) Builder plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2026-12511 (The AI Engine  WordPress plugin before 3.5.5 does not sanitize 
a user- ...)
+       TODO: check
+CVE-2026-12482 (A vulnerability in keras-team/keras version 3.12.0 allows an 
attacker  ...)
+       TODO: check
+CVE-2026-12385 (The Smart Slider 3 plugin for WordPress is vulnerable to 
Sensitive Inf ...)
+       TODO: check
+CVE-2026-11802 (The FoodBook Lite - Online Food Ordering System plugin for 
WordPress i ...)
+       TODO: check
+CVE-2026-11567 (The SureForms  WordPress plugin before 2.11.1 does not 
properly valida ...)
+       TODO: check
+CVE-2026-11563 (The Word Count and Social Shares WordPress plugin through 1.0 
does not ...)
+       TODO: check
+CVE-2026-11390 (The News Kit Addons For Elementor plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2026-0487 (SAProuter on Microsoft Windows allows an unauthenticated 
attacker to l ...)
+       TODO: check
+CVE-2025-15665 (The Ultimate Before After Image Slider & Gallery  WordPress 
plugin bef ...)
+       TODO: check
+CVE-2026-58102 (Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a 
heap out-o ...)
        - libcrypt-openssl-x509-perl <unfixed> (bug #1142034)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41792355/
        NOTE: Fixed by: 
https://github.com/dsully/perl-crypt-openssl-x509/commit/757289bfce095455c104d4adfe9312e7b339620f
 (2.1.3)
-CVE-2026-58101
+CVE-2026-58101 (Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow 
denial of se ...)
        - libcrypt-openssl-x509-perl <unfixed> (bug #1142034)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41792358/
        NOTE: Fixed by: 
https://github.com/dsully/perl-crypt-openssl-x509/commit/4c1e2370556097c253ae27abe9e1097ea377fbd2
 (2.1.3)
@@ -49289,6 +49505,7 @@ CVE-2026-25589 (RedisBloom is a probabilistic data 
structures module for Redis.
 CVE-2026-25588 (RedisTimeSeries is a time-series module for Redis. In all 
versions bef ...)
        NOT-FOR-US: RedisTimeSeries Redis module
 CVE-2026-25243 (Redis is an in-memory data structure store. In versions of 
redis-serve ...)
+       {DLA-4682-1}
        [experimental] - redis 5:8.6.3-1
        - redis <unfixed>
        [bullseye] - redis <not-affected> (Vulnerable code not present; checks 
for dups introduced later)
@@ -49297,6 +49514,7 @@ CVE-2026-25243 (Redis is an in-memory data structure 
store. In versions of redis
        NOTE: Fixed by: 
https://github.com/redis/redis/commit/b9dde6fc25dec6191b18374335a076a7b31e3d02 
(8.6.3)
        TODO: check redict and valkey
 CVE-2026-23631 (Redis is an in-memory data structure store. In all versions of 
redis-s ...)
+       {DLA-4682-1}
        [experimental] - redis 5:8.6.3-1
        - redis <unfixed>
        [bullseye] - redis <ignored> (Invasive to backport entire timedOut 
mechanism etc.)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d94fa05adad5c7268760e91b7b9fa2a94737d085

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d94fa05adad5c7268760e91b7b9fa2a94737d085
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to