Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
629a2230 by security tracker role at 2026-07-17T07:13:05+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,16 +1,560 @@
-CVE-2026-57077
+CVE-2026-9810 (The AI Copilot WordPress plugin before 1.5.4 does not bind
OAuth acce ...)
+ TODO: check
+CVE-2026-9494 (An information disclosure vulnerability exists in Canonical
ubuntu-pro ...)
+ TODO: check
+CVE-2026-9046 (A potential insecure permissions vulnerability was reported in
Legion ...)
+ TODO: check
+CVE-2026-8616 (The Fense Proxy & VPN Blocker plugin for WordPress is
vulnerable to un ...)
+ TODO: check
+CVE-2026-7543 (The Breakdance plugin for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2026-6511 (During an internal security assessment, a potential improper
access co ...)
+ TODO: check
+CVE-2026-6424 (Use-after-free vulnerability in ESET Linux productspotentially
allowed ...)
+ TODO: check
+CVE-2026-6423 (A local privilege escalation vulnerability in ESET Inspect
Connector. ...)
+ TODO: check
+CVE-2026-63397 (remorses/genql before version 6.3.4 allows an authenticated
attacker w ...)
+ TODO: check
+CVE-2026-63306 (stoatchat before 0.13.5 contains an unauthenticated
server-side reques ...)
+ TODO: check
+CVE-2026-63305 (AVideo through 29.0 contains an OS command injection
vulnerability in ...)
+ TODO: check
+CVE-2026-63304 (AVideo through 29.0 contains an OS command injection
vulnerability in ...)
+ TODO: check
+CVE-2026-63089 (WireGuard Easy through 15.3.0, fixed in commit 66b292b,
contains a cry ...)
+ TODO: check
+CVE-2026-63088 (stoatchat before 0.14.0 contains a server-side request forgery
(SSRF) ...)
+ TODO: check
+CVE-2026-63087 (Grafana OnCall through 1.16.11 contains an unauthenticated
access vuln ...)
+ TODO: check
+CVE-2026-63086 (text-generation-inference through 3.3.7 contains a server-side
request ...)
+ TODO: check
+CVE-2026-63085 (Axelor Open Platform versions 8.x prior to 8.2.2 contains an
authoriza ...)
+ TODO: check
+CVE-2026-63082 (Perfect Support Ticketing & Document Management System through
1.7 con ...)
+ TODO: check
+CVE-2026-63081 (Perfect Support Ticketing & Document Management System through
1.7 con ...)
+ TODO: check
+CVE-2026-62994 (CoreDNS is a DNS server written in Go. From 1.9.4 until
1.14.5, a netw ...)
+ TODO: check
+CVE-2026-62963 (Centrifugo is an open-source scalable real-time messaging
server. Prio ...)
+ TODO: check
+CVE-2026-62826 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-62387 (The Grav API plugin (getgrav/grav-plugin-api) before
1.0.0-rc.16 shipp ...)
+ TODO: check
+CVE-2026-62386 (The Grav API plugin (getgrav/grav-plugin-api) before
1.0.0-rc.16 accep ...)
+ TODO: check
+CVE-2026-62309 (CoreDNS is a DNS server written in Go. Prior to 1.14.4, a
single 28-by ...)
+ TODO: check
+CVE-2026-62299 (CoreDNS is a DNS server written in Go. Prior to 1.14.5, the
CoreDNS re ...)
+ TODO: check
+CVE-2026-62290 (cert-manager adds certificates and certificate issuers as
resource typ ...)
+ TODO: check
+CVE-2026-62241 (clawvet self-hosted API server (apps/api) before 0.7.5
hard-codes a fa ...)
+ TODO: check
+CVE-2026-62238 (OpenRemote before 1.26.0 contain an authenticated SQL
injection vulner ...)
+ TODO: check
+CVE-2026-62237 (Grav before 2.0.4 contains a regular expression denial of
service (ReD ...)
+ TODO: check
+CVE-2026-62236 (grav-plugin-login before 3.8.11 contains a cross-site request
forgery ...)
+ TODO: check
+CVE-2026-62235 (Grav Flex-Objects before version 1.4.3 contains a broken
access contro ...)
+ TODO: check
+CVE-2026-62234 (Grav before 2.0.4 fails to restrict cURL protocols in webhook
dispatch ...)
+ TODO: check
+CVE-2026-62233 (grav-plugin-api before 1.0.6 fails to validate super-admin
status in c ...)
+ TODO: check
+CVE-2026-62232 (Grav before 2.0.4 contains a two-factor authentication bypass
vulnerab ...)
+ TODO: check
+CVE-2026-62231 (The Grav API plugin (getgrav/grav-plugin-api) before 1.0.6
contains an ...)
+ TODO: check
+CVE-2026-62230 (Grav before 2.0.4 ships a default .htaccess (and reference
webserver-c ...)
+ TODO: check
+CVE-2026-62229 (OpenClaw before 2026.5.18 contain an authorization bypass
vulnerabilit ...)
+ TODO: check
+CVE-2026-62228 (OpenClaw before 2026.6.5 contain an authorization bypass
vulnerability ...)
+ TODO: check
+CVE-2026-62227 (OpenClaw 2026.4.14 before 2026.5.26 contain a server-side
request forg ...)
+ TODO: check
+CVE-2026-62226 (OpenClaw 2026.3.28 before 2026.5.19 contain an authorization
bypass vu ...)
+ TODO: check
+CVE-2026-62225 (OpenClaw versions before 2026.5.18 contain an authorization
bypass vul ...)
+ TODO: check
+CVE-2026-62224 (OpenClaw MS Teams before 2026.5.12 contain an authorization
bypass vul ...)
+ TODO: check
+CVE-2026-62223 (OpenClaw before 2026.5.18 contain an authorization bypass
vulnerabilit ...)
+ TODO: check
+CVE-2026-62222 (OpenClaw before 2026.5.22 contain a vulnerability in
setup-mode discov ...)
+ TODO: check
+CVE-2026-62221 (OpenClaw 2026.5.12 before 2026.5.26 contain an incorrect
authorization ...)
+ TODO: check
+CVE-2026-62220 (OpenClaw 2026.2.25 before 2026.5.26 allow a lower-trust caller
or conf ...)
+ TODO: check
+CVE-2026-62219 (OpenClaw 2026.2.12 before 2026.5.26 contain an authorization
bypass vu ...)
+ TODO: check
+CVE-2026-62218 (OpenClaw 2026.1.20 before 2026.5.27 contain an authorization
bypass vu ...)
+ TODO: check
+CVE-2026-62217 (OpenClaw 2026.5.14-beta.1 before 2026.5.27 contain an
authorization fl ...)
+ TODO: check
+CVE-2026-62216 (OpenClaw 2026.4.20 before 2026.5.28 contain a policy bypass in
the QQB ...)
+ TODO: check
+CVE-2026-62215 (OpenClaw versions before 2026.6.5 contain an authentication
bypass vul ...)
+ TODO: check
+CVE-2026-62214 (OpenClaw versions before 2026.5.28 Bot Framework contains an
improper ...)
+ TODO: check
+CVE-2026-62213 (OpenClaw versions before 2026.5.27 contain a token leakage
vulnerabili ...)
+ TODO: check
+CVE-2026-62212 (OpenClaw before 2026.5.28 contains a race condition in the MS
Teams sa ...)
+ TODO: check
+CVE-2026-62211 (OpenClaw versions before 2026.6.1 contain a credential
redaction bypas ...)
+ TODO: check
+CVE-2026-62210 (OpenClaw versions before 2026.6.1 contain a denial of service
vulnerab ...)
+ TODO: check
+CVE-2026-62209 (OpenClaw versions 2026.5.10-beta.1 before 2026.6.5 contain an
authoriz ...)
+ TODO: check
+CVE-2026-62208 (OpenClaw before 2026.6.5 could forward Authorization headers
during MC ...)
+ TODO: check
+CVE-2026-62207 (OpenClaw versions before 2026.6.5 contain an authentication
bypass vul ...)
+ TODO: check
+CVE-2026-62206 (OpenClaw versions before 2026.6.9 contain a missing
authorization vuln ...)
+ TODO: check
+CVE-2026-62205 (OpenClaw versions 2026.4.12-beta.1 before 2026.6.6 contain a
missing-a ...)
+ TODO: check
+CVE-2026-62203 (OpenClaw versions before 2026.6.6 contain an environment
variable filt ...)
+ TODO: check
+CVE-2026-62202 (OpenClaw versions 2026.6.1 before 2026.6.9 contain a privilege
escalat ...)
+ TODO: check
+CVE-2026-62201 (OpenClaw versions before 2026.6.6 contain a network policy
bypass vuln ...)
+ TODO: check
+CVE-2026-61718 (bunkerweb is an Open-source and next-generation Web
Application Firewa ...)
+ TODO: check
+CVE-2026-61389 (An out-of-bounds write vulnerability in the Productivity Suite
allows ...)
+ TODO: check
+CVE-2026-61378 (A divide-by-zero vulnerability in the Productivity Suite
allows a loca ...)
+ TODO: check
+CVE-2026-60140 (An out-of-bounds read vulnerability in the Productivity Suite
allows a ...)
+ TODO: check
+CVE-2026-60073 (An out-of-bounds read in the Productivity Suite allows a
physical att ...)
+ TODO: check
+CVE-2026-60063 (An out-of-bounds write vulnerability in the Productivity Suite
allows ...)
+ TODO: check
+CVE-2026-60060 (Improper Handling of Length Parameter Inconsistency (CWE-130)
vulnerab ...)
+ TODO: check
+CVE-2026-5674 (A flaw was found in PipeWire, a multimedia server. This
vulnerability ...)
+ TODO: check
+CVE-2026-59867 (Kiota is an OpenAPI based HTTP Client code generator. Prior to
1.32.5, ...)
+ TODO: check
+CVE-2026-59866 (Kiota is an OpenAPI based HTTP Client code generator. Prior to
1.32.5, ...)
+ TODO: check
+CVE-2026-59865 (Kiota is an OpenAPI based HTTP Client code generator. Prior to
1.32.5, ...)
+ TODO: check
+CVE-2026-59864 (Kiota is an OpenAPI based HTTP Client code generator. Prior to
1.32.5, ...)
+ TODO: check
+CVE-2026-59863 (Kiota is an OpenAPI based HTTP Client code generator. Prior to
1.32.5, ...)
+ TODO: check
+CVE-2026-59862 (Kiota is an OpenAPI based HTTP Client code generator. Prior to
1.32.0, ...)
+ TODO: check
+CVE-2026-59861 (Kiota is an OpenAPI based HTTP Client code generator. Prior to
1.32.0, ...)
+ TODO: check
+CVE-2026-59860 (Kiota is an OpenAPI based HTTP Client code generator. Prior to
1.32.3, ...)
+ TODO: check
+CVE-2026-59859 (Kiota is an OpenAPI based HTTP Client code generator. Prior to
1.32.4, ...)
+ TODO: check
+CVE-2026-59249 (Inconsistent interpretation of HTTP requests (HTTP response
smuggling) ...)
+ TODO: check
+CVE-2026-59237 (Authorization Bypass Through User-Controlled Key (CWE-639) in
the Orde ...)
+ TODO: check
+CVE-2026-59117 (Integer overflow or wraparound in Windows Terminal allows an
unauthori ...)
+ TODO: check
+CVE-2026-58643 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-58598 (Concurrent execution using shared resource with improper
synchronizati ...)
+ TODO: check
+CVE-2026-58317 (Unsigned to Signed Conversion Error (CWE-196) vulnerability
exists in ...)
+ TODO: check
+CVE-2026-58078 (The Joomla extension Quix Page Builder Pro is vulnerable to an
unauthe ...)
+ TODO: check
+CVE-2026-57896 (An out-of-bounds read vulnerability in the Productivity Suite
allows a ...)
+ TODO: check
+CVE-2026-57206 (SimpleChat is a secure AI conversation application with
personal and g ...)
+ TODO: check
+CVE-2026-57205 (SimpleChat is a secure AI conversation application with
personal and g ...)
+ TODO: check
+CVE-2026-56456 (HCL DFXAnalytics is affected by an Internal File Path
Disclosure vulne ...)
+ TODO: check
+CVE-2026-56455 (HCL DFXAnalytics is affected by a Buffer Overflow
vulnerability that c ...)
+ TODO: check
+CVE-2026-56454 (HCL DFXAnalytics is affected by a Deprecated Protocol
vulnerability du ...)
+ TODO: check
+CVE-2026-56453 (HCL DFXAnalytics is affected by an Account Takeover via
Response Manip ...)
+ TODO: check
+CVE-2026-55629 (Whistle is an HTTP, HTTP2, HTTPS, and WebSocket debugging
proxy. Prior ...)
+ TODO: check
+CVE-2026-55548 (Yamcs is a mission control framework. Prior to 5.12.8 and
5.13.2, the ...)
+ TODO: check
+CVE-2026-55440 (Microsoft UFO open-source framework for intelligent automation
across ...)
+ TODO: check
+CVE-2026-55407 (Buffa is a pure-Rust Protocol Buffers implementation with
first-class ...)
+ TODO: check
+CVE-2026-55406 (Buffa is a pure-Rust Protocol Buffers implementation with
first-class ...)
+ TODO: check
+CVE-2026-55173 (WWBN AVideo is an open source video platform. Versions 29.0
and below ...)
+ TODO: check
+CVE-2026-54733 (The Microsoft 365 and Microsoft Entra ID Plugins for Moodle
provide Of ...)
+ TODO: check
+CVE-2026-54728 (bunkerweb is an Open-source and next-generation Web
Application Firewa ...)
+ TODO: check
+CVE-2026-54568 (Microsoft UFO open-source framework for intelligent automation
across ...)
+ TODO: check
+CVE-2026-54526 (Argo Workflows is an open source container-native workflow
engine for ...)
+ TODO: check
+CVE-2026-54340 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and
HTTP/3. Pr ...)
+ TODO: check
+CVE-2026-53598 (Prompty is a markdown file format (.prompty) for LLM prompts.
Prior to ...)
+ TODO: check
+CVE-2026-53597 (Prompty is a markdown file format (.prompty) for LLM prompts.
From 2.0 ...)
+ TODO: check
+CVE-2026-53536 (Activepieces is an open source AI workflow automation
platform. Prior ...)
+ TODO: check
+CVE-2026-53535 (Activepieces is an open source AI workflow automation
platform. Prior ...)
+ TODO: check
+CVE-2026-53412 (Improper Input Validation in Zoom Desktop Client for Windows,
Zoom VDI ...)
+ TODO: check
+CVE-2026-53411 (A time-of-check to time-of-use (TOCTOU) race condition in the
installa ...)
+ TODO: check
+CVE-2026-53410 (A time-of-check to time-of-use (TOCTOU) race condition in the
installa ...)
+ TODO: check
+CVE-2026-53409 (Improper Privilege Management in Zoom Rooms for Windows before
version ...)
+ TODO: check
+CVE-2026-49998 (Centrifugo is an open-source scalable real-time messaging
server. Prio ...)
+ TODO: check
+CVE-2026-47751 (Claude Code Action is a general-purpose GitHub action that
runs Claude ...)
+ TODO: check
+CVE-2026-47089 (An issue was discovered in cyrus-imapd in Cyrus IMAP through
3.12.2. L ...)
+ TODO: check
+CVE-2026-47088 (An issue was discovered in cyrus-imapd in Cyrus IMAP through
3.12.2. T ...)
+ TODO: check
+CVE-2026-47087 (An issue was discovered in cyrus-imapd in Cyrus IMAP through
3.12.2. U ...)
+ TODO: check
+CVE-2026-47086 (An issue was discovered in cyrus-imapd in Cyrus IMAP through
3.12.2. G ...)
+ TODO: check
+CVE-2026-47085 (An issue was discovered in cyrus-imapd in Cyrus IMAP through
3.12.2. U ...)
+ TODO: check
+CVE-2026-47084 (An issue was discovered in cyrus-imapd in Cyrus IMAP through
3.12.2. T ...)
+ TODO: check
+CVE-2026-47083 (An issue was discovered in cyrus-imapd in Cyrus IMAP through
3.12.2. T ...)
+ TODO: check
+CVE-2026-47082 (An issue was discovered in cyrus-imapd in Cyrus IMAP through
3.12.2. T ...)
+ TODO: check
+CVE-2026-47081 (An issue was discovered in cyrus-imapd in Cyrus IMAP through
3.12.2. T ...)
+ TODO: check
+CVE-2026-46687 (Emlog is an open source website building system. In 2.6.13 and
earlier ...)
+ TODO: check
+CVE-2026-46686 (Emlog is an open source website building system. In 2.6.13 and
earlier ...)
+ TODO: check
+CVE-2026-46621 (Yamcs is a mission control framework. Prior to 5.12.7, the
Yamcs scrip ...)
+ TODO: check
+CVE-2026-46562 (Yamcs is a mission control framework. Prior to 5.12.7, the
Nashorn Scr ...)
+ TODO: check
+CVE-2026-46515 (Frogman provides headless PBX control through MCP and HTTP
API. Prior ...)
+ TODO: check
+CVE-2026-46514 (Frogman provides headless PBX control through MCP and HTTP
API. Prior ...)
+ TODO: check
+CVE-2026-46513 (Frogman provides headless PBX control through MCP and HTTP
API. Prior ...)
+ TODO: check
+CVE-2026-46512 (Frogman provides headless PBX control through MCP and HTTP
API. Prior ...)
+ TODO: check
+CVE-2026-46404 (BigBlueButton is an open-source virtual classroom. Prior to
3.0.23, th ...)
+ TODO: check
+CVE-2026-46378 (Dasel is a command-line tool and library for querying,
modifying, and ...)
+ TODO: check
+CVE-2026-46377 (Dasel is a command-line tool and library for querying,
modifying, and ...)
+ TODO: check
+CVE-2026-46353 (BigBlueButton is an open-source virtual classroom. Prior to
3.0.21, bb ...)
+ TODO: check
+CVE-2026-46351 (BigBlueButton is an open-source virtual classroom. Prior to
3.0.21, bb ...)
+ TODO: check
+CVE-2026-46341 (The Apify MCP server enables AI agents to extract data from
websites u ...)
+ TODO: check
+CVE-2026-46338 (PyMdown Extensions is a set of extensions for the
Python-Markdown mark ...)
+ TODO: check
+CVE-2026-46336 (Manyfold is an open source, self-hosted web application for
managing a ...)
+ TODO: check
+CVE-2026-45795 (The Janssen Project is an open-source identity and access
management ( ...)
+ TODO: check
+CVE-2026-45695 (Kopia is a cross-platform backup tool for Windows, macOS, and
Linux wi ...)
+ TODO: check
+CVE-2026-45612 (rz-libdemangle is a Rizin library for demangling symbols.
Prior to 6bf ...)
+ TODO: check
+CVE-2026-45576 (zrok is software for sharing web services, files, and network
resource ...)
+ TODO: check
+CVE-2026-45568 (zrok is software for sharing web services, files, and network
resource ...)
+ TODO: check
+CVE-2026-45368 (Kirby is an open-source content management system. In versions
prior t ...)
+ TODO: check
+CVE-2026-45367 (HAPI FHIR is a complete implementation of the HL7 FHIR
standard for he ...)
+ TODO: check
+CVE-2026-45336 (HireFlow is a web-based interview management system for
managing candi ...)
+ TODO: check
+CVE-2026-45334 (Kirby is an open-source content management system. In versions
prior t ...)
+ TODO: check
+CVE-2026-45325 (Gestor de Oferta is a web application for managing mobility
service of ...)
+ TODO: check
+CVE-2026-44982 (CrowdSec offers crowdsourced protection against malicious IPs.
From 1. ...)
+ TODO: check
+CVE-2026-44981 (CrowdSec offers crowdsourced protection against malicious IPs.
From 1. ...)
+ TODO: check
+CVE-2026-44970 (dbt-mcp is a Model Context Protocol server for interacting
with dbt. P ...)
+ TODO: check
+CVE-2026-44969 (dbt-mcp is a Model Context Protocol server for interacting
with dbt. P ...)
+ TODO: check
+CVE-2026-44968 (dbt-mcp is a Model Context Protocol server for interacting
with dbt. P ...)
+ TODO: check
+CVE-2026-44632 (Yamcs is a mission control framework. Prior to 5.12.7, a
server-side c ...)
+ TODO: check
+CVE-2026-44596 (Yamcs is a mission control framework. Prior to 5.12.7, the
authenticat ...)
+ TODO: check
+CVE-2026-44595 (Yamcs is a mission control framework. Prior to 5.12.7, the IAM
API end ...)
+ TODO: check
+CVE-2026-44453 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and
HTTP/3. Pr ...)
+ TODO: check
+CVE-2026-44452 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and
HTTP/3. Pr ...)
+ TODO: check
+CVE-2026-44436 (Quicly is an IETF QUIC protocol implementation intended
primarily for ...)
+ TODO: check
+CVE-2026-44435 (Quicly is an IETF QUIC protocol implementation intended
primarily for ...)
+ TODO: check
+CVE-2026-44434 (Quicly is an IETF QUIC protocol implementation intended
primarily for ...)
+ TODO: check
+CVE-2026-44433 (Quicly is an IETF QUIC protocol implementation intended
primarily for ...)
+ TODO: check
+CVE-2026-44251 (Wazuh is a free and open source platform used for threat
prevention, d ...)
+ TODO: check
+CVE-2026-44182 (Jupyter Enterprise Gateway launches remote Jupyter Notebook
kernels ac ...)
+ TODO: check
+CVE-2026-44181 (Jupyter Enterprise Gateway launches remote Jupyter Notebook
kernels ac ...)
+ TODO: check
+CVE-2026-44180 (Jupyter Enterprise Gateway launches remote Jupyter Notebook
kernels ac ...)
+ TODO: check
+CVE-2026-44177 (Kirby is an open-source content management system. In versions
5.3.0 a ...)
+ TODO: check
+CVE-2026-44176 (Kirby is an open-source content management system. Versions
prior to 4 ...)
+ TODO: check
+CVE-2026-44175 (Kirby is an open-source content management system. In versions
prior t ...)
+ TODO: check
+CVE-2026-44174 (Kirby is an open-source content management system. Prior to
4.9.1 and ...)
+ TODO: check
+CVE-2026-44023 (Docling Core defines core data types and transformations for
the docum ...)
+ TODO: check
+CVE-2026-44019 (Docling Core defines core data types and transformations for
the docum ...)
+ TODO: check
+CVE-2026-43978 (wger is a free, open-source workout and fitness manager. In
versions p ...)
+ TODO: check
+CVE-2026-43977 (wger is a free, open-source workout and fitness manager. In
versions p ...)
+ TODO: check
+CVE-2026-41993 (Improper Access Control vulnerability in the Removable Media
Validatio ...)
+ TODO: check
+CVE-2026-40106 (Wazuh is a free and open source platform used for threat
prevention, d ...)
+ TODO: check
+CVE-2026-39359 (Wazuh is a free and open source platform used for threat
prevention, d ...)
+ TODO: check
+CVE-2026-38158 (A SQL injection vulnerability in the
/ureport/datasource/previewData c ...)
+ TODO: check
+CVE-2026-36425 (An issue in OPSWAT AppRemover Driver (ardrv.sys)
v2017.10.02.1551 and ...)
+ TODO: check
+CVE-2026-35149 (HCL DFXServer is affected by an Authentication Bypass
vulnerability vi ...)
+ TODO: check
+CVE-2026-35148 (HCL DFXServer is affected by a Missing Access Control
vulnerability. T ...)
+ TODO: check
+CVE-2026-35147 (HCL DFXServer is affected by a Broken Authentication
vulnerability via ...)
+ TODO: check
+CVE-2026-35146 (HCL DFXServer is affected by an Unencrypted Communication
vulnerabilit ...)
+ TODO: check
+CVE-2026-35145 (HCL DFXAnalytics is affected by a Missing HTTP
Strict-Transport-Securi ...)
+ TODO: check
+CVE-2026-35143 (HCL DFXAnalytics is affected by a Missing SameSite Attribute
vulnerabi ...)
+ TODO: check
+CVE-2026-35142 (HCL DFXAnalytics is affected by an Internal IP Address
Disclosure vuln ...)
+ TODO: check
+CVE-2026-35141 (HCL DFXAnalytics is affected by a Login Replay Attack
vulnerability. T ...)
+ TODO: check
+CVE-2026-35140 (HCL DFXAnalytics is affected by a Missing Secure Attribute in
Encrypte ...)
+ TODO: check
+CVE-2026-34150 (Wazuh is a free and open source platform used for threat
prevention, d ...)
+ TODO: check
+CVE-2026-33754 (Wazuh is a free and open source platform used for threat
prevention, d ...)
+ TODO: check
+CVE-2026-33731 (WWBN AVideo is an open source video platform. In versions
prior to 29. ...)
+ TODO: check
+CVE-2026-33692 (WWBN AVideo is an open source video platform. Versions prior
to 29.0 e ...)
+ TODO: check
+CVE-2026-33434 (Wazuh is a free and open source platform used for threat
prevention, d ...)
+ TODO: check
+CVE-2026-2594 (The Smart Custom Fields plugin for WordPress is vulnerable to
Stored C ...)
+ TODO: check
+CVE-2026-22752 (Authentication bypass by primary weakness vulnerability in
Spring Secu ...)
+ TODO: check
+CVE-2026-21770 (HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a
DLL hija ...)
+ TODO: check
+CVE-2026-15997 (Out-of-bounds write vulnerability in Legion of the Bouncy
Castle Inc. ...)
+ TODO: check
+CVE-2026-15982 (The Aimogen Pro - All-in-One AI Content Writer, Editor,
ChatBot & Auto ...)
+ TODO: check
+CVE-2026-15945 (A flaw was found in the group search functionality of the
Keycloak ser ...)
+ TODO: check
+CVE-2026-15759 (The ChatHelp \u2013 Click to Chat Button, WooCommerce Chat to
Order & ...)
+ TODO: check
+CVE-2026-15737 (AWS Bedrock AgentCore Python SDK is an open-source Python
library that ...)
+ TODO: check
+CVE-2026-15727 (The WP Bulk Delete plugin for WordPress is vulnerable to
generic SQL I ...)
+ TODO: check
+CVE-2026-15651 (The WP TripAdvisor Review Slider plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2026-15610 (The WPBot \u2013 AI ChatBot for Live Support, Lead Generation,
AI Serv ...)
+ TODO: check
+CVE-2026-15457 (The Kirki \u2013 Freeform Page Builder, Website Builder &
Customizer p ...)
+ TODO: check
+CVE-2026-15449 (A time-of-check to time-of-use (TOCTOU) flaw in the illumos
data-link ...)
+ TODO: check
+CVE-2026-15422 (The illumos SCTP inbound path performs association lookup for
INIT ACK ...)
+ TODO: check
+CVE-2026-15407 (The Themify Builder plugin for WordPress is vulnerable to
authorizatio ...)
+ TODO: check
+CVE-2026-15395 (The Kali Forms \u2014 Contact Form & Drag-and-Drop Builder
plugin for ...)
+ TODO: check
+CVE-2026-15352 (A vulnerability exists in the Health & Safety (HS) application
of NASA ...)
+ TODO: check
+CVE-2026-15350 (The The Cache Purger plugin for WordPress is vulnerable to
authorizati ...)
+ TODO: check
+CVE-2026-15349 (The ERP: Complete HR, Accounting & CRM Suite Built for
WooCommerce plu ...)
+ TODO: check
+CVE-2026-15324 (The SysBasics Customize My Account for WooCommerce \u2013 Live
My Acco ...)
+ TODO: check
+CVE-2026-15161 (The Ninja Forms - Excel Export plugin for WordPress is
vulnerable to S ...)
+ TODO: check
+CVE-2026-15160 (The Ninja Forms - Excel Export plugin for WordPress is
vulnerable to D ...)
+ TODO: check
+CVE-2026-15159 (The Ninja Forms - Excel Export plugin for WordPress is
vulnerable to I ...)
+ TODO: check
+CVE-2026-15106 (The WPBot \u2013 AI ChatBot for Live Support, Lead Generation,
AI Serv ...)
+ TODO: check
+CVE-2026-15103 (The WPFunnels \u2013 Funnel Builder for WooCommerce with
Checkout & On ...)
+ TODO: check
+CVE-2026-15099 (The Delicious Recipes plugin for WordPress is vulnerable to
Stored Cro ...)
+ TODO: check
+CVE-2026-15094 (The WP Hotel Booking plugin for WordPress is vulnerable to
Reflected C ...)
+ TODO: check
+CVE-2026-15022 (The Tutor LMS \u2013 eLearning and online course solution
plugin for W ...)
+ TODO: check
+CVE-2026-15021 (The wpForo Forum plugin for WordPress is vulnerable to Stored
Cross-Si ...)
+ TODO: check
+CVE-2026-15008 (The Uncanny Automator \u2013 Easy Automation, Integration,
Webhooks & ...)
+ TODO: check
+CVE-2026-15005 (The Loco Translate plugin for WordPress is vulnerable to
Cross-Site Re ...)
+ TODO: check
+CVE-2026-14956 (The Bricksforge plugin for WordPress is vulnerable to
Privilege Escala ...)
+ TODO: check
+CVE-2026-14890 (SGLang uses an expert-parallel backup subsystem that exposes a
ZeroMQ ...)
+ TODO: check
+CVE-2026-14782 (The Booking for Appointments and Events Calendar \u2013 Amelia
plugin ...)
+ TODO: check
+CVE-2026-14503 (The pCloud WP Backup plugin for WordPress is vulnerable to
Sensitive I ...)
+ TODO: check
+CVE-2026-14371 (The Lenovo XClarity Integrator for Windows Admin Center plugin
version ...)
+ TODO: check
+CVE-2026-14254 (A race condition in the account lockout mechanism
inDelphixContinousDa ...)
+ TODO: check
+CVE-2026-14253
+ REJECTED
+CVE-2026-13767 (The Quiz Master Next plugin for WordPress is vulnerable to SQL
Injecti ...)
+ TODO: check
+CVE-2026-13765 (The LearnPress \u2013 WordPress LMS Plugin for Create and Sell
Online ...)
+ TODO: check
+CVE-2026-13755 (The Tickera \u2013 Sell Tickets & Manage Events plugin for
WordPress i ...)
+ TODO: check
+CVE-2026-13754 (The Tickera \u2013 Sell Tickets & Manage Events plugin for
WordPress i ...)
+ TODO: check
+CVE-2026-13741 (The Digits: WordPress Mobile Number Signup and Login plugin
for WordPr ...)
+ TODO: check
+CVE-2026-13402 (The Royal Addons for Elementor WordPress plugin before
1.7.1063 does ...)
+ TODO: check
+CVE-2026-13352 (The Paid Membership Plugin, Ecommerce, User Registration Form,
Login F ...)
+ TODO: check
+CVE-2026-13104 (A potential vulnerability was reported in Lenovo App Store,
distribute ...)
+ TODO: check
+CVE-2026-13103 (A potential path traversal vulnerability was reported in
Lenovo App St ...)
+ TODO: check
+CVE-2026-12393 (The WPS Bookings for WooCommerce WordPress plugin before
3.11.7 does n ...)
+ TODO: check
+CVE-2026-12391 (An insecure symlink following vulnerability exists in
Canonical ubuntu ...)
+ TODO: check
+CVE-2026-12379 (An Open Redirect vulnerability (CWE-601) exists in the
OAuth/OIDC auth ...)
+ TODO: check
+CVE-2026-11966 (The User Registration & Membership WordPress plugin before
5.2.3 does ...)
+ TODO: check
+CVE-2026-11961 (The User Registration & Membership WordPress plugin before
5.2.3 does ...)
+ TODO: check
+CVE-2026-11889 (SALTO ProAccess Space software using the tenancy feature /
logical pa ...)
+ TODO: check
+CVE-2026-11740
+ REJECTED
+CVE-2026-11575 (The PhonePe Payment Solutions WordPress plugin before 3.1.0
does not p ...)
+ TODO: check
+CVE-2026-11386 (An input validation and injection vulnerability exists in
Canonical ub ...)
+ TODO: check
+CVE-2026-11324 (The WooCommerce Placetopay Gateway and PlacetoPay/AvalPay
gateway plug ...)
+ TODO: check
+CVE-2026-10590 (A potential missing authentication vulnerability could allow a
local p ...)
+ TODO: check
+CVE-2026-10589 (A potential out of bounds write vulnerability could allow a
local priv ...)
+ TODO: check
+CVE-2026-10588 (A potential vulnerability could allow a local privileged
attacker to d ...)
+ TODO: check
+CVE-2026-10587 (A potential out-of-bounds write vulnerability could allow a
local priv ...)
+ TODO: check
+CVE-2026-10525 (The NEX-Forms WordPress plugin before 9.2.3 does not sanitise
and esc ...)
+ TODO: check
+CVE-2025-71388 (stoatchat (delta/Revolt) versions from 20241213-1 before
20250210-1 al ...)
+ TODO: check
+CVE-2025-71377 (stoatchat (delta) versions before 20250210-1 (0.8.2) contain a
logic e ...)
+ TODO: check
+CVE-2025-45870 (LogicalDOC Enterprise up to and for v9.1.1 is vulnerable to
Local File ...)
+ TODO: check
+CVE-2025-45868 (LogicalDOC Enterprise up to and for v9.1.1 is vulnerable to
blind SQL ...)
+ TODO: check
+CVE-2024-58360 (stoatchat versions before 0.7.8 fail to enforce account
creation restr ...)
+ TODO: check
+CVE-2024-34268 (EQ-3 Eqiva CC-RT-BLE Bluetooth Smart Radiator Thermostat
Firmware up t ...)
+ TODO: check
+CVE-2024-32389 (Buffer Overflow vulnerability in Kerlink Kerlink Wirnet
iStation 868 K ...)
+ TODO: check
+CVE-2024-32387 (An issue in Kerlink Kerlink Wirnet iStation 868 KerOS
v.4.3.3_20200803 ...)
+ TODO: check
+CVE-2024-32386 (Directory traversal vulnerability in Kerlink Kerlink Wirnet
iStation 8 ...)
+ TODO: check
+CVE-2024-32385 (An issue in Kerlink Kerlink Wirnet iStation 868 KerOS
v.4.3.3_20200803 ...)
+ TODO: check
+CVE-2023-49900 (An unauthenticated remote attacker is able to perform remote
code exec ...)
+ TODO: check
+CVE-2023-49899 (An unauthenticated remote attacker canexecute any command on
the affec ...)
+ TODO: check
+CVE-2019-25764 (**UNSUPPORTED WHEN ASSIGNED** Exposed IOCTL with Insufficient
Access C ...)
+ TODO: check
+CVE-2026-57077 (YAML::Syck versions before 1.47 for Perl allow an
out-of-bounds read v ...)
- libyaml-syck-perl <unfixed> (bug #1142267)
NOTE: https://www.openwall.com/lists/oss-security/2026/07/17/4
NOTE: Fixed by:
https://github.com/toddr/YAML-Syck/commit/44c90a109ec3215ee7ce747bd11209835e123d8b
(1.47)
-CVE-2026-57076
+CVE-2026-57076 (YAML::Syck versions before 1.47 for Perl allow a heap
use-after-free v ...)
- libyaml-syck-perl <unfixed> (bug #1142267)
NOTE: https://www.openwall.com/lists/oss-security/2026/07/17/3
NOTE: Fixed by:
https://github.com/toddr/YAML-Syck/commit/44c90a109ec3215ee7ce747bd11209835e123d8b
(1.47)
-CVE-2026-57075
+CVE-2026-57075 (YAML::Syck versions before 1.47 for Perl allow an
out-of-bounds read v ...)
- libyaml-syck-perl <unfixed> (bug #1142267)
NOTE: https://www.openwall.com/lists/oss-security/2026/07/17/2
NOTE: Fixed by:
https://github.com/toddr/YAML-Syck/commit/44c90a109ec3215ee7ce747bd11209835e123d8b
(1.47)
-CVE-2026-13713
+CVE-2026-13713 (YAML::Syck versions before 1.47 for Perl allow a
use-after-free and do ...)
- libyaml-syck-perl <unfixed> (bug #1142267)
NOTE: https://www.openwall.com/lists/oss-security/2026/07/17/1
NOTE: Fixed by:
https://github.com/toddr/YAML-Syck/commit/44c90a109ec3215ee7ce747bd11209835e123d8b
(1.47)
@@ -26,23 +570,23 @@ CVE-2026-62319
CVE-2026-62318
- netatalk <unfixed> (bug #1142270)
NOTE: https://netatalk.io/security/CVE-2026-62318
-CVE-2026-57074
+CVE-2026-57074 (XML::Bare versions through 0.53 for Perl have an unbounded
character l ...)
- libxml-bare-perl 0.53-5 (bug #1142227)
[trixie] - libxml-bare-perl <no-dsa> (Minor issue)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41876806/
NOTE: https://github.com/nanoscopic/perl-XML-Bare/pull/1
NOTE:
https://security.metacpan.org/patches/X/XML-Bare/0.53/CVE-2026-57074-r1.patch
-CVE-2026-13401
+CVE-2026-13401 (XML::Bare versions through 0.53 for Perl will hang in an
infinite loop ...)
- libxml-bare-perl 0.53-5 (bug #1142227)
[trixie] - libxml-bare-perl <no-dsa> (Minor issue)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41876829/
NOTE: https://github.com/nanoscopic/perl-XML-Bare/pull/2
NOTE:
https://security.metacpan.org/patches/X/XML-Bare/0.53/CVE-2026-13401-r1.patch
-CVE-2026-57073
+CVE-2026-57073 (HTML::Bare versions through 0.04 for Perl have an unbounded
character ...)
NOT-FOR-US: HTML::Bare Perl module
-CVE-2026-13397
+CVE-2026-13397 (HTML::Bare versions through 0.04 for Perl will hang in an
infinite loo ...)
NOT-FOR-US: HTML::Bare Perl module
-CVE-2026-3031
+CVE-2026-3031 (Image::EPEG versions through 0.15 for Perl embeds an
unsupported versi ...)
NOT-FOR-US: Image::EPEG Perl module
CVE-2026-63175 (PlaywrightCapture stored capture-specific configuration and
runtime da ...)
NOT-FOR-US: PlaywrightCapture
@@ -2455,63 +2999,63 @@ CVE-2026-23573 (An Improper Neutralization of Input
During Web Page Generation (
CVE-2026-21840 (HCL BigFix Platform is affected by a user enumeration
vulnerability wh ...)
NOT-FOR-US: HCL
CVE-2026-15778 (Insufficient validation of untrusted input in Navigation in
Google Chr ...)
- {DSA-6390-1}
+ {DSA-6390-1 DLA-4687-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15777 (Use after free in UI in Google Chrome on Linux prior to
150.0.7871.125 ...)
- {DSA-6390-1}
+ {DSA-6390-1 DLA-4687-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15776 (Inappropriate implementation in V8 in Google Chrome prior to
150.0.787 ...)
- {DSA-6390-1}
+ {DSA-6390-1 DLA-4687-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15775 (Inappropriate implementation in V8 in Google Chrome prior to
150.0.787 ...)
- {DSA-6390-1}
+ {DSA-6390-1 DLA-4687-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15774 (Use after free in Skia in Google Chrome prior to
150.0.7871.125 allowe ...)
- {DSA-6390-1}
+ {DSA-6390-1 DLA-4687-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15773 (Use after free in Core in Google Chrome on Windows prior to
150.0.7871 ...)
- {DSA-6390-1}
+ {DSA-6390-1 DLA-4687-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15772 (Use after free in GPU in Google Chrome on Android prior to
150.0.7871. ...)
- {DSA-6390-1}
+ {DSA-6390-1 DLA-4687-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15771 (Insufficient validation of untrusted input in Media in Google
Chrome o ...)
- {DSA-6390-1}
+ {DSA-6390-1 DLA-4687-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15770 (Uninitialized Use in V8 in Google Chrome prior to
150.0.7871.125 allow ...)
- {DSA-6390-1}
+ {DSA-6390-1 DLA-4687-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15769 (Insufficient validation of untrusted input in Linux Toolkit
Theming in ...)
- {DSA-6390-1}
+ {DSA-6390-1 DLA-4687-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15768 (Insufficient policy enforcement in HTML-in-Canvas in Google
Chrome pri ...)
- {DSA-6390-1}
+ {DSA-6390-1 DLA-4687-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15767 (Heap buffer overflow in libyuv in Google Chrome on Windows
prior to 15 ...)
- {DSA-6390-1}
+ {DSA-6390-1 DLA-4687-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15766 (Uninitialized Use in Skia in Google Chrome prior to
150.0.7871.125 all ...)
- {DSA-6390-1}
+ {DSA-6390-1 DLA-4687-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15765 (Use after free in Ozone in Google Chrome prior to
150.0.7871.125 allow ...)
- {DSA-6390-1}
+ {DSA-6390-1 DLA-4687-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15764 (Use after free in Ozone in Google Chrome on Linux prior to
150.0.7871. ...)
- {DSA-6390-1}
+ {DSA-6390-1 DLA-4687-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15757 (A security flaw was discovered in the NETGEAR DGND3700v1 that
could al ...)
@@ -9213,7 +9757,8 @@ CVE-2026-6687 (FatFs R0.16 and earlier contains a stack
overflow bug in f_getlab
NOT-FOR-US: FatFs
CVE-2026-6686 (FatFs R0.16 and earlier contains an uninitialized cluster
exposure whe ...)
NOT-FOR-US: FatFs
-CVE-2026-6685 (FatFs R0.16 and earlier exhibits a stale dirty-cache skip via
unsigned ...)
+CVE-2026-6685
+ REJECTED
NOT-FOR-US: FatFs
CVE-2026-6684 (FatFs prior to R0.16 that use GPT scanning with 'FF_LBA64 = 1'
contain ...)
NOT-FOR-US: FatFs
@@ -24278,13 +24823,13 @@ CVE-2017-20240 (Crypt::PBKDF2 versions before
0.261630 for Perl are vulnerable t
[bookworm] - libcrypt-pbkdf2-perl 0.261630-1~deb13u1~deb12u1
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40929601/
NOTE: Fixed by:
https://github.com/arodland/Crypt-PBKDF2/commit/ac5aac7c8c0e411165a6665a9c1f449b745f2629
(0.261630)
-CVE-2026-50012
+CVE-2026-50012 (Squid is a caching proxy for the Web. Prior to 7.6, due to an
improper ...)
{DSA-6360-1}
- squid 7.6-1
NOTE: https://www.openwall.com/lists/oss-security/2026/06/12/1
NOTE: Fixed by:
https://github.com/squid-cache/squid/commit/19fcfe922717c8b255270c032dcde4071c003bcd
(SQUID_7_6)
NOTE:
https://github.com/squid-cache/squid/security/advisories/GHSA-5vmx-9x64-9284
-CVE-2026-47729
+CVE-2026-47729 (Squid is a caching proxy for the Web. Prior to 7.6, due to an
improper ...)
{DSA-6360-1}
- squid 7.6-1
NOTE: https://www.openwall.com/lists/oss-security/2026/06/12/1
@@ -187267,7 +187812,7 @@ CVE-2025-27462 ([This CNA information record relates
to multiple CVEs; the text
NOTE: https://xenbits.xen.org/xsa/advisory-468.html
CVE-2025-5276 (Versions of the package mcp-markdownify-server before 1.0.0 are
vulner ...)
NOT-FOR-US: mcp-markdownify-server
-CVE-2025-5273 (All versions of the package mcp-markdownify-server are
vulnerable to F ...)
+CVE-2025-5273 (Versions of the package mcp-markdownify-server before 1.0.0 are
vulner ...)
NOT-FOR-US: mcp-markdownify-server
CVE-2025-4583 (The Smash Balloon Social Photo Feed \u2013 Easy Social Feeds
Plugin pl ...)
NOT-FOR-US: WordPress plugin
@@ -211069,7 +211614,8 @@ CVE-2024-7990 (A stored cross-site scripting (XSS)
vulnerability exists in open-
NOT-FOR-US: open-webui/open-webui
CVE-2024-7983 (In version 0.3.8 of open-webui, an endpoint for converting
markdown to ...)
NOT-FOR-US: open-webui/open-webui
-CVE-2024-7959 (The `/openai/models` endpoint in open-webui/open-webui version
0.3.8 i ...)
+CVE-2024-7959
+ REJECTED
NOT-FOR-US: open-webui/open-webui
CVE-2024-7957 (An arbitrary file overwrite vulnerability exists in the
ZulipConnector ...)
NOT-FOR-US: danswer-ai/danswer
@@ -211125,17 +211671,21 @@ CVE-2024-7044 (A Stored Cross-Site Scripting (XSS)
vulnerability exists in the c
NOT-FOR-US: open-webui/open-webui
CVE-2024-7043 (An improper access control vulnerability in
open-webui/open-webui v0.3 ...)
NOT-FOR-US: open-webui/open-webui
-CVE-2024-7040 (In version v0.3.8 of open-webui/open-webui, there is an
improper acces ...)
+CVE-2024-7040
+ REJECTED
NOT-FOR-US: open-webui/open-webui
-CVE-2024-7039 (In open-webui/open-webui version v0.3.8, there is an improper
privileg ...)
+CVE-2024-7039
+ REJECTED
NOT-FOR-US: open-webui/open-webui
CVE-2024-7036 (A vulnerability in open-webui/open-webui v0.3.8 allows an
unauthentica ...)
NOT-FOR-US: open-webui/open-webui
CVE-2024-7035 (In version v0.3.8 of open-webui/open-webui, sensitive actions
such as ...)
NOT-FOR-US: open-webui/open-webui
-CVE-2024-7034 (In open-webui version 0.3.8, the endpoint `/models/upload` is
vulnerab ...)
+CVE-2024-7034
+ REJECTED
NOT-FOR-US: open-webui/open-webui
-CVE-2024-7033 (In version 0.3.8 of open-webui/open-webui, an arbitrary file
write vul ...)
+CVE-2024-7033
+ REJECTED
NOT-FOR-US: open-webui/open-webui
CVE-2024-6986 (A Cross-site Scripting (XSS) vulnerability exists in the
Settings page ...)
NOT-FOR-US: parisneo/lollms-webui
@@ -261662,7 +262212,8 @@ CVE-2024-7292 (In Progress\xae Telerik\xae Report
Server versions prior to 2024
NOT-FOR-US: Progress Telerik
CVE-2024-7041 (An Insecure Direct Object Reference (IDOR) vulnerability exists
in ope ...)
NOT-FOR-US: open-webui
-CVE-2024-7038 (An information disclosure vulnerability exists in open-webui
version 0 ...)
+CVE-2024-7038
+ REJECTED
NOT-FOR-US: open-webui
CVE-2024-7037 (In version v0.3.8 of open-webui/open-webui, the endpoint
/api/pipeline ...)
NOT-FOR-US: open-webui
@@ -267034,7 +267585,7 @@ CVE-2024-22399 (Deserialization of Untrusted Data
vulnerability in Apache Seata.
NOT-FOR-US: Apache Seata
CVE-2024-8762 (A vulnerability was found in code-projects Crud Operation
System 1.0. ...)
NOT-FOR-US: Crud Operation System
-CVE-2024-8751 (A vulnerability in the MSC800 allows an unauthenticated
attacker to mo ...)
+CVE-2024-8751 (A vulnerability allows a remote unauthenticated attacker to
modify the ...)
NOT-FOR-US: SICK
CVE-2024-8742 (The Essential Addons for Elementor \u2013 Best Elementor Addon,
Templa ...)
NOT-FOR-US: WordPress plugin
@@ -537655,8 +538206,8 @@ CVE-2021-27138 (The boot loader in Das U-Boot before
2021.04-rc2 mishandles use
NOTE:
https://github.com/u-boot/u-boot/commit/79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4
NOTE:
https://github.com/u-boot/u-boot/commit/3f04db891a353f4b127ed57279279f851c6b4917
NOTE:
https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0
(full changeset incl. CVE-2021-27097)
-CVE-2021-27137
- RESERVED
+CVE-2021-27137 (An issue was discovered in router/upnp/src/ssdp.c in DD-WRT
before 457 ...)
+ TODO: check
CVE-2021-27136
RESERVED
CVE-2021-27134
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/629a2230fba7839b29b2f4310268b4d5171a0c9e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/629a2230fba7839b29b2f4310268b4d5171a0c9e
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits