Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
629a2230 by security tracker role at 2026-07-17T07:13:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,16 +1,560 @@
-CVE-2026-57077
+CVE-2026-9810 (The AI Copilot  WordPress plugin before 1.5.4 does not bind 
OAuth acce ...)
+       TODO: check
+CVE-2026-9494 (An information disclosure vulnerability exists in Canonical 
ubuntu-pro ...)
+       TODO: check
+CVE-2026-9046 (A potential insecure permissions vulnerability was reported in 
Legion  ...)
+       TODO: check
+CVE-2026-8616 (The Fense Proxy & VPN Blocker plugin for WordPress is 
vulnerable to un ...)
+       TODO: check
+CVE-2026-7543 (The Breakdance plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2026-6511 (During an internal security assessment, a potential improper 
access co ...)
+       TODO: check
+CVE-2026-6424 (Use-after-free vulnerability in ESET Linux productspotentially 
allowed ...)
+       TODO: check
+CVE-2026-6423 (A local privilege escalation vulnerability in ESET Inspect 
Connector.  ...)
+       TODO: check
+CVE-2026-63397 (remorses/genql before version 6.3.4 allows an authenticated 
attacker w ...)
+       TODO: check
+CVE-2026-63306 (stoatchat before 0.13.5 contains an unauthenticated 
server-side reques ...)
+       TODO: check
+CVE-2026-63305 (AVideo through 29.0 contains an OS command injection 
vulnerability in  ...)
+       TODO: check
+CVE-2026-63304 (AVideo through 29.0 contains an OS command injection 
vulnerability in  ...)
+       TODO: check
+CVE-2026-63089 (WireGuard Easy through 15.3.0, fixed in commit 66b292b, 
contains a cry ...)
+       TODO: check
+CVE-2026-63088 (stoatchat before 0.14.0 contains a server-side request forgery 
(SSRF)  ...)
+       TODO: check
+CVE-2026-63087 (Grafana OnCall through 1.16.11 contains an unauthenticated 
access vuln ...)
+       TODO: check
+CVE-2026-63086 (text-generation-inference through 3.3.7 contains a server-side 
request ...)
+       TODO: check
+CVE-2026-63085 (Axelor Open Platform versions 8.x prior to 8.2.2 contains an 
authoriza ...)
+       TODO: check
+CVE-2026-63082 (Perfect Support Ticketing & Document Management System through 
1.7 con ...)
+       TODO: check
+CVE-2026-63081 (Perfect Support Ticketing & Document Management System through 
1.7 con ...)
+       TODO: check
+CVE-2026-62994 (CoreDNS is a DNS server written in Go. From 1.9.4 until 
1.14.5, a netw ...)
+       TODO: check
+CVE-2026-62963 (Centrifugo is an open-source scalable real-time messaging 
server. Prio ...)
+       TODO: check
+CVE-2026-62826 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-62387 (The Grav API plugin (getgrav/grav-plugin-api) before 
1.0.0-rc.16 shipp ...)
+       TODO: check
+CVE-2026-62386 (The Grav API plugin (getgrav/grav-plugin-api) before 
1.0.0-rc.16 accep ...)
+       TODO: check
+CVE-2026-62309 (CoreDNS is a DNS server written in Go. Prior to 1.14.4, a 
single 28-by ...)
+       TODO: check
+CVE-2026-62299 (CoreDNS is a DNS server written in Go. Prior to 1.14.5, the 
CoreDNS re ...)
+       TODO: check
+CVE-2026-62290 (cert-manager adds certificates and certificate issuers as 
resource typ ...)
+       TODO: check
+CVE-2026-62241 (clawvet self-hosted API server (apps/api) before 0.7.5 
hard-codes a fa ...)
+       TODO: check
+CVE-2026-62238 (OpenRemote before 1.26.0 contain an authenticated SQL 
injection vulner ...)
+       TODO: check
+CVE-2026-62237 (Grav before 2.0.4 contains a regular expression denial of 
service (ReD ...)
+       TODO: check
+CVE-2026-62236 (grav-plugin-login before 3.8.11 contains a cross-site request 
forgery  ...)
+       TODO: check
+CVE-2026-62235 (Grav Flex-Objects before version 1.4.3 contains a broken 
access contro ...)
+       TODO: check
+CVE-2026-62234 (Grav before 2.0.4 fails to restrict cURL protocols in webhook 
dispatch ...)
+       TODO: check
+CVE-2026-62233 (grav-plugin-api before 1.0.6 fails to validate super-admin 
status in c ...)
+       TODO: check
+CVE-2026-62232 (Grav before 2.0.4 contains a two-factor authentication bypass 
vulnerab ...)
+       TODO: check
+CVE-2026-62231 (The Grav API plugin (getgrav/grav-plugin-api) before 1.0.6 
contains an ...)
+       TODO: check
+CVE-2026-62230 (Grav before 2.0.4 ships a default .htaccess (and reference 
webserver-c ...)
+       TODO: check
+CVE-2026-62229 (OpenClaw before 2026.5.18 contain an authorization bypass 
vulnerabilit ...)
+       TODO: check
+CVE-2026-62228 (OpenClaw before 2026.6.5 contain an authorization bypass 
vulnerability ...)
+       TODO: check
+CVE-2026-62227 (OpenClaw 2026.4.14 before 2026.5.26 contain a server-side 
request forg ...)
+       TODO: check
+CVE-2026-62226 (OpenClaw 2026.3.28 before 2026.5.19 contain an authorization 
bypass vu ...)
+       TODO: check
+CVE-2026-62225 (OpenClaw versions before 2026.5.18 contain an authorization 
bypass vul ...)
+       TODO: check
+CVE-2026-62224 (OpenClaw MS Teams before 2026.5.12 contain an authorization 
bypass vul ...)
+       TODO: check
+CVE-2026-62223 (OpenClaw before 2026.5.18 contain an authorization bypass 
vulnerabilit ...)
+       TODO: check
+CVE-2026-62222 (OpenClaw before 2026.5.22 contain a vulnerability in 
setup-mode discov ...)
+       TODO: check
+CVE-2026-62221 (OpenClaw 2026.5.12 before 2026.5.26 contain an incorrect 
authorization ...)
+       TODO: check
+CVE-2026-62220 (OpenClaw 2026.2.25 before 2026.5.26 allow a lower-trust caller 
or conf ...)
+       TODO: check
+CVE-2026-62219 (OpenClaw 2026.2.12 before 2026.5.26 contain an authorization 
bypass vu ...)
+       TODO: check
+CVE-2026-62218 (OpenClaw 2026.1.20 before 2026.5.27 contain an authorization 
bypass vu ...)
+       TODO: check
+CVE-2026-62217 (OpenClaw 2026.5.14-beta.1 before 2026.5.27 contain an 
authorization fl ...)
+       TODO: check
+CVE-2026-62216 (OpenClaw 2026.4.20 before 2026.5.28 contain a policy bypass in 
the QQB ...)
+       TODO: check
+CVE-2026-62215 (OpenClaw versions before 2026.6.5 contain an authentication 
bypass vul ...)
+       TODO: check
+CVE-2026-62214 (OpenClaw versions before 2026.5.28 Bot Framework contains an 
improper  ...)
+       TODO: check
+CVE-2026-62213 (OpenClaw versions before 2026.5.27 contain a token leakage 
vulnerabili ...)
+       TODO: check
+CVE-2026-62212 (OpenClaw before 2026.5.28 contains a race condition in the MS 
Teams sa ...)
+       TODO: check
+CVE-2026-62211 (OpenClaw versions before 2026.6.1 contain a credential 
redaction bypas ...)
+       TODO: check
+CVE-2026-62210 (OpenClaw versions before 2026.6.1 contain a denial of service 
vulnerab ...)
+       TODO: check
+CVE-2026-62209 (OpenClaw versions 2026.5.10-beta.1 before 2026.6.5 contain an 
authoriz ...)
+       TODO: check
+CVE-2026-62208 (OpenClaw before 2026.6.5 could forward Authorization headers 
during MC ...)
+       TODO: check
+CVE-2026-62207 (OpenClaw versions before 2026.6.5 contain an authentication 
bypass vul ...)
+       TODO: check
+CVE-2026-62206 (OpenClaw versions before 2026.6.9 contain a missing 
authorization vuln ...)
+       TODO: check
+CVE-2026-62205 (OpenClaw versions 2026.4.12-beta.1 before 2026.6.6 contain a 
missing-a ...)
+       TODO: check
+CVE-2026-62203 (OpenClaw versions before 2026.6.6 contain an environment 
variable filt ...)
+       TODO: check
+CVE-2026-62202 (OpenClaw versions 2026.6.1 before 2026.6.9 contain a privilege 
escalat ...)
+       TODO: check
+CVE-2026-62201 (OpenClaw versions before 2026.6.6 contain a network policy 
bypass vuln ...)
+       TODO: check
+CVE-2026-61718 (bunkerweb is an Open-source and next-generation Web 
Application Firewa ...)
+       TODO: check
+CVE-2026-61389 (An out-of-bounds write vulnerability in the Productivity Suite 
allows  ...)
+       TODO: check
+CVE-2026-61378 (A divide-by-zero vulnerability in the Productivity Suite 
allows a loca ...)
+       TODO: check
+CVE-2026-60140 (An out-of-bounds read vulnerability in the Productivity Suite 
allows a ...)
+       TODO: check
+CVE-2026-60073 (An out-of-bounds read in the Productivity Suite allows a 
physical  att ...)
+       TODO: check
+CVE-2026-60063 (An out-of-bounds write vulnerability in the Productivity Suite 
allows  ...)
+       TODO: check
+CVE-2026-60060 (Improper Handling of Length Parameter Inconsistency (CWE-130) 
vulnerab ...)
+       TODO: check
+CVE-2026-5674 (A flaw was found in PipeWire, a multimedia server. This 
vulnerability  ...)
+       TODO: check
+CVE-2026-59867 (Kiota is an OpenAPI based HTTP Client code generator. Prior to 
1.32.5, ...)
+       TODO: check
+CVE-2026-59866 (Kiota is an OpenAPI based HTTP Client code generator. Prior to 
1.32.5, ...)
+       TODO: check
+CVE-2026-59865 (Kiota is an OpenAPI based HTTP Client code generator. Prior to 
1.32.5, ...)
+       TODO: check
+CVE-2026-59864 (Kiota is an OpenAPI based HTTP Client code generator. Prior to 
1.32.5, ...)
+       TODO: check
+CVE-2026-59863 (Kiota is an OpenAPI based HTTP Client code generator. Prior to 
1.32.5, ...)
+       TODO: check
+CVE-2026-59862 (Kiota is an OpenAPI based HTTP Client code generator. Prior to 
1.32.0, ...)
+       TODO: check
+CVE-2026-59861 (Kiota is an OpenAPI based HTTP Client code generator. Prior to 
1.32.0, ...)
+       TODO: check
+CVE-2026-59860 (Kiota is an OpenAPI based HTTP Client code generator. Prior to 
1.32.3, ...)
+       TODO: check
+CVE-2026-59859 (Kiota is an OpenAPI based HTTP Client code generator. Prior to 
1.32.4, ...)
+       TODO: check
+CVE-2026-59249 (Inconsistent interpretation of HTTP requests (HTTP response 
smuggling) ...)
+       TODO: check
+CVE-2026-59237 (Authorization Bypass Through User-Controlled Key (CWE-639) in 
the Orde ...)
+       TODO: check
+CVE-2026-59117 (Integer overflow or wraparound in Windows Terminal allows an 
unauthori ...)
+       TODO: check
+CVE-2026-58643 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-58598 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-58317 (Unsigned to Signed Conversion Error (CWE-196) vulnerability 
exists in  ...)
+       TODO: check
+CVE-2026-58078 (The Joomla extension Quix Page Builder Pro is vulnerable to an 
unauthe ...)
+       TODO: check
+CVE-2026-57896 (An out-of-bounds read vulnerability in the Productivity Suite 
allows a ...)
+       TODO: check
+CVE-2026-57206 (SimpleChat is a secure AI conversation application with 
personal and g ...)
+       TODO: check
+CVE-2026-57205 (SimpleChat is a secure AI conversation application with 
personal and g ...)
+       TODO: check
+CVE-2026-56456 (HCL DFXAnalytics is affected by an Internal File Path 
Disclosure vulne ...)
+       TODO: check
+CVE-2026-56455 (HCL DFXAnalytics is affected by a Buffer Overflow 
vulnerability that c ...)
+       TODO: check
+CVE-2026-56454 (HCL DFXAnalytics is affected by a Deprecated Protocol 
vulnerability du ...)
+       TODO: check
+CVE-2026-56453 (HCL DFXAnalytics is affected by an Account Takeover via 
Response Manip ...)
+       TODO: check
+CVE-2026-55629 (Whistle is an HTTP, HTTP2, HTTPS, and WebSocket debugging 
proxy. Prior ...)
+       TODO: check
+CVE-2026-55548 (Yamcs is a mission control framework. Prior to 5.12.8 and 
5.13.2, the  ...)
+       TODO: check
+CVE-2026-55440 (Microsoft UFO open-source framework for intelligent automation 
across  ...)
+       TODO: check
+CVE-2026-55407 (Buffa is a pure-Rust Protocol Buffers implementation with 
first-class  ...)
+       TODO: check
+CVE-2026-55406 (Buffa is a pure-Rust Protocol Buffers implementation with 
first-class  ...)
+       TODO: check
+CVE-2026-55173 (WWBN AVideo is an open source video platform. Versions 29.0 
and below  ...)
+       TODO: check
+CVE-2026-54733 (The Microsoft 365 and Microsoft Entra ID Plugins for Moodle 
provide Of ...)
+       TODO: check
+CVE-2026-54728 (bunkerweb is an Open-source and next-generation Web 
Application Firewa ...)
+       TODO: check
+CVE-2026-54568 (Microsoft UFO open-source framework for intelligent automation 
across  ...)
+       TODO: check
+CVE-2026-54526 (Argo Workflows is an open source container-native workflow 
engine for  ...)
+       TODO: check
+CVE-2026-54340 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and 
HTTP/3. Pr ...)
+       TODO: check
+CVE-2026-53598 (Prompty is a markdown file format (.prompty) for LLM prompts. 
Prior to ...)
+       TODO: check
+CVE-2026-53597 (Prompty is a markdown file format (.prompty) for LLM prompts. 
From 2.0 ...)
+       TODO: check
+CVE-2026-53536 (Activepieces is an open source AI workflow automation 
platform. Prior  ...)
+       TODO: check
+CVE-2026-53535 (Activepieces is an open source AI workflow automation 
platform. Prior  ...)
+       TODO: check
+CVE-2026-53412 (Improper Input Validation in Zoom Desktop Client for Windows, 
Zoom VDI ...)
+       TODO: check
+CVE-2026-53411 (A time-of-check to time-of-use (TOCTOU) race condition in the 
installa ...)
+       TODO: check
+CVE-2026-53410 (A time-of-check to time-of-use (TOCTOU) race condition in the 
installa ...)
+       TODO: check
+CVE-2026-53409 (Improper Privilege Management in Zoom Rooms for Windows before 
version ...)
+       TODO: check
+CVE-2026-49998 (Centrifugo is an open-source scalable real-time messaging 
server. Prio ...)
+       TODO: check
+CVE-2026-47751 (Claude Code Action is a general-purpose GitHub action that 
runs Claude ...)
+       TODO: check
+CVE-2026-47089 (An issue was discovered in cyrus-imapd in Cyrus IMAP through 
3.12.2. L ...)
+       TODO: check
+CVE-2026-47088 (An issue was discovered in cyrus-imapd in Cyrus IMAP through 
3.12.2. T ...)
+       TODO: check
+CVE-2026-47087 (An issue was discovered in cyrus-imapd in Cyrus IMAP through 
3.12.2. U ...)
+       TODO: check
+CVE-2026-47086 (An issue was discovered in cyrus-imapd in Cyrus IMAP through 
3.12.2. G ...)
+       TODO: check
+CVE-2026-47085 (An issue was discovered in cyrus-imapd in Cyrus IMAP through 
3.12.2. U ...)
+       TODO: check
+CVE-2026-47084 (An issue was discovered in cyrus-imapd in Cyrus IMAP through 
3.12.2. T ...)
+       TODO: check
+CVE-2026-47083 (An issue was discovered in cyrus-imapd in Cyrus IMAP through 
3.12.2. T ...)
+       TODO: check
+CVE-2026-47082 (An issue was discovered in cyrus-imapd in Cyrus IMAP through 
3.12.2. T ...)
+       TODO: check
+CVE-2026-47081 (An issue was discovered in cyrus-imapd in Cyrus IMAP through 
3.12.2. T ...)
+       TODO: check
+CVE-2026-46687 (Emlog is an open source website building system. In 2.6.13 and 
earlier ...)
+       TODO: check
+CVE-2026-46686 (Emlog is an open source website building system. In 2.6.13 and 
earlier ...)
+       TODO: check
+CVE-2026-46621 (Yamcs is a mission control framework. Prior to 5.12.7, the 
Yamcs scrip ...)
+       TODO: check
+CVE-2026-46562 (Yamcs is a mission control framework. Prior to 5.12.7, the 
Nashorn Scr ...)
+       TODO: check
+CVE-2026-46515 (Frogman provides headless PBX control through MCP and HTTP 
API. Prior  ...)
+       TODO: check
+CVE-2026-46514 (Frogman provides headless PBX control through MCP and HTTP 
API. Prior  ...)
+       TODO: check
+CVE-2026-46513 (Frogman provides headless PBX control through MCP and HTTP 
API. Prior  ...)
+       TODO: check
+CVE-2026-46512 (Frogman provides headless PBX control through MCP and HTTP 
API. Prior  ...)
+       TODO: check
+CVE-2026-46404 (BigBlueButton is an open-source virtual classroom. Prior to 
3.0.23, th ...)
+       TODO: check
+CVE-2026-46378 (Dasel is a command-line tool and library for querying, 
modifying, and  ...)
+       TODO: check
+CVE-2026-46377 (Dasel is a command-line tool and library for querying, 
modifying, and  ...)
+       TODO: check
+CVE-2026-46353 (BigBlueButton is an open-source virtual classroom. Prior to 
3.0.21, bb ...)
+       TODO: check
+CVE-2026-46351 (BigBlueButton is an open-source virtual classroom. Prior to 
3.0.21, bb ...)
+       TODO: check
+CVE-2026-46341 (The Apify MCP server enables AI agents to extract data from 
websites u ...)
+       TODO: check
+CVE-2026-46338 (PyMdown Extensions is a set of extensions for the 
Python-Markdown mark ...)
+       TODO: check
+CVE-2026-46336 (Manyfold is an open source, self-hosted web application for 
managing a ...)
+       TODO: check
+CVE-2026-45795 (The Janssen Project is an open-source identity and access 
management ( ...)
+       TODO: check
+CVE-2026-45695 (Kopia is a cross-platform backup tool for Windows, macOS, and 
Linux wi ...)
+       TODO: check
+CVE-2026-45612 (rz-libdemangle is a Rizin library for demangling symbols. 
Prior to 6bf ...)
+       TODO: check
+CVE-2026-45576 (zrok is software for sharing web services, files, and network 
resource ...)
+       TODO: check
+CVE-2026-45568 (zrok is software for sharing web services, files, and network 
resource ...)
+       TODO: check
+CVE-2026-45368 (Kirby is an open-source content management system. In versions 
prior t ...)
+       TODO: check
+CVE-2026-45367 (HAPI FHIR is a complete implementation of the HL7 FHIR 
standard for he ...)
+       TODO: check
+CVE-2026-45336 (HireFlow is a web-based interview management system for 
managing candi ...)
+       TODO: check
+CVE-2026-45334 (Kirby is an open-source content management system. In versions 
prior t ...)
+       TODO: check
+CVE-2026-45325 (Gestor de Oferta is a web application for managing mobility 
service of ...)
+       TODO: check
+CVE-2026-44982 (CrowdSec offers crowdsourced protection against malicious IPs. 
From 1. ...)
+       TODO: check
+CVE-2026-44981 (CrowdSec offers crowdsourced protection against malicious IPs. 
From 1. ...)
+       TODO: check
+CVE-2026-44970 (dbt-mcp is a Model Context Protocol server for interacting 
with dbt. P ...)
+       TODO: check
+CVE-2026-44969 (dbt-mcp is a Model Context Protocol server for interacting 
with dbt. P ...)
+       TODO: check
+CVE-2026-44968 (dbt-mcp is a Model Context Protocol server for interacting 
with dbt. P ...)
+       TODO: check
+CVE-2026-44632 (Yamcs is a mission control framework. Prior to 5.12.7, a 
server-side c ...)
+       TODO: check
+CVE-2026-44596 (Yamcs is a mission control framework. Prior to 5.12.7, the 
authenticat ...)
+       TODO: check
+CVE-2026-44595 (Yamcs is a mission control framework. Prior to 5.12.7, the IAM 
API end ...)
+       TODO: check
+CVE-2026-44453 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and 
HTTP/3. Pr ...)
+       TODO: check
+CVE-2026-44452 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and 
HTTP/3. Pr ...)
+       TODO: check
+CVE-2026-44436 (Quicly is an IETF QUIC protocol implementation intended 
primarily for  ...)
+       TODO: check
+CVE-2026-44435 (Quicly is an IETF QUIC protocol implementation intended 
primarily for  ...)
+       TODO: check
+CVE-2026-44434 (Quicly is an IETF QUIC protocol implementation intended 
primarily for  ...)
+       TODO: check
+CVE-2026-44433 (Quicly is an IETF QUIC protocol implementation intended 
primarily for  ...)
+       TODO: check
+CVE-2026-44251 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
+       TODO: check
+CVE-2026-44182 (Jupyter Enterprise Gateway launches remote Jupyter Notebook 
kernels ac ...)
+       TODO: check
+CVE-2026-44181 (Jupyter Enterprise Gateway launches remote Jupyter Notebook 
kernels ac ...)
+       TODO: check
+CVE-2026-44180 (Jupyter Enterprise Gateway launches remote Jupyter Notebook 
kernels ac ...)
+       TODO: check
+CVE-2026-44177 (Kirby is an open-source content management system. In versions 
5.3.0 a ...)
+       TODO: check
+CVE-2026-44176 (Kirby is an open-source content management system. Versions 
prior to 4 ...)
+       TODO: check
+CVE-2026-44175 (Kirby is an open-source content management system. In versions 
prior t ...)
+       TODO: check
+CVE-2026-44174 (Kirby is an open-source content management system. Prior to 
4.9.1 and  ...)
+       TODO: check
+CVE-2026-44023 (Docling Core defines core data types and transformations for 
the docum ...)
+       TODO: check
+CVE-2026-44019 (Docling Core defines core data types and transformations for 
the docum ...)
+       TODO: check
+CVE-2026-43978 (wger is a free, open-source workout and fitness manager. In 
versions p ...)
+       TODO: check
+CVE-2026-43977 (wger is a free, open-source workout and fitness manager. In 
versions p ...)
+       TODO: check
+CVE-2026-41993 (Improper Access Control vulnerability in the Removable Media 
Validatio ...)
+       TODO: check
+CVE-2026-40106 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
+       TODO: check
+CVE-2026-39359 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
+       TODO: check
+CVE-2026-38158 (A SQL injection vulnerability in the 
/ureport/datasource/previewData c ...)
+       TODO: check
+CVE-2026-36425 (An issue in OPSWAT AppRemover Driver (ardrv.sys) 
v2017.10.02.1551 and  ...)
+       TODO: check
+CVE-2026-35149 (HCL DFXServer is affected by an Authentication Bypass 
vulnerability vi ...)
+       TODO: check
+CVE-2026-35148 (HCL DFXServer is affected by a Missing Access Control 
vulnerability. T ...)
+       TODO: check
+CVE-2026-35147 (HCL DFXServer is affected by a Broken Authentication 
vulnerability via ...)
+       TODO: check
+CVE-2026-35146 (HCL DFXServer is affected by an Unencrypted Communication 
vulnerabilit ...)
+       TODO: check
+CVE-2026-35145 (HCL DFXAnalytics is affected by a Missing HTTP 
Strict-Transport-Securi ...)
+       TODO: check
+CVE-2026-35143 (HCL DFXAnalytics is affected by a Missing SameSite Attribute 
vulnerabi ...)
+       TODO: check
+CVE-2026-35142 (HCL DFXAnalytics is affected by an Internal IP Address 
Disclosure vuln ...)
+       TODO: check
+CVE-2026-35141 (HCL DFXAnalytics is affected by a Login Replay Attack 
vulnerability. T ...)
+       TODO: check
+CVE-2026-35140 (HCL DFXAnalytics is affected by a Missing Secure Attribute in 
Encrypte ...)
+       TODO: check
+CVE-2026-34150 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
+       TODO: check
+CVE-2026-33754 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
+       TODO: check
+CVE-2026-33731 (WWBN AVideo is an open source video platform. In versions 
prior to 29. ...)
+       TODO: check
+CVE-2026-33692 (WWBN AVideo is an open source video platform. Versions prior 
to 29.0 e ...)
+       TODO: check
+CVE-2026-33434 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
+       TODO: check
+CVE-2026-2594 (The Smart Custom Fields plugin for WordPress is vulnerable to 
Stored C ...)
+       TODO: check
+CVE-2026-22752 (Authentication bypass by primary weakness vulnerability in 
Spring Secu ...)
+       TODO: check
+CVE-2026-21770 (HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a 
DLL hija ...)
+       TODO: check
+CVE-2026-15997 (Out-of-bounds write vulnerability in Legion of the Bouncy 
Castle Inc.  ...)
+       TODO: check
+CVE-2026-15982 (The Aimogen Pro - All-in-One AI Content Writer, Editor, 
ChatBot & Auto ...)
+       TODO: check
+CVE-2026-15945 (A flaw was found in the group search functionality of the 
Keycloak ser ...)
+       TODO: check
+CVE-2026-15759 (The ChatHelp \u2013 Click to Chat Button, WooCommerce Chat to 
Order &  ...)
+       TODO: check
+CVE-2026-15737 (AWS Bedrock AgentCore Python SDK is an open-source Python 
library that ...)
+       TODO: check
+CVE-2026-15727 (The WP Bulk Delete plugin for WordPress is vulnerable to 
generic SQL I ...)
+       TODO: check
+CVE-2026-15651 (The WP TripAdvisor Review Slider plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2026-15610 (The WPBot \u2013 AI ChatBot for Live Support, Lead Generation, 
AI Serv ...)
+       TODO: check
+CVE-2026-15457 (The Kirki \u2013 Freeform Page Builder, Website Builder & 
Customizer p ...)
+       TODO: check
+CVE-2026-15449 (A time-of-check to time-of-use (TOCTOU) flaw in the illumos 
data-link  ...)
+       TODO: check
+CVE-2026-15422 (The illumos SCTP inbound path performs association lookup for 
INIT ACK ...)
+       TODO: check
+CVE-2026-15407 (The Themify Builder plugin for WordPress is vulnerable to 
authorizatio ...)
+       TODO: check
+CVE-2026-15395 (The Kali Forms \u2014 Contact Form & Drag-and-Drop Builder 
plugin for  ...)
+       TODO: check
+CVE-2026-15352 (A vulnerability exists in the Health & Safety (HS) application 
of NASA ...)
+       TODO: check
+CVE-2026-15350 (The The Cache Purger plugin for WordPress is vulnerable to 
authorizati ...)
+       TODO: check
+CVE-2026-15349 (The ERP: Complete HR, Accounting & CRM Suite Built for 
WooCommerce plu ...)
+       TODO: check
+CVE-2026-15324 (The SysBasics Customize My Account for WooCommerce \u2013 Live 
My Acco ...)
+       TODO: check
+CVE-2026-15161 (The Ninja Forms - Excel Export plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2026-15160 (The Ninja Forms - Excel Export plugin for WordPress is 
vulnerable to D ...)
+       TODO: check
+CVE-2026-15159 (The Ninja Forms - Excel Export plugin for WordPress is 
vulnerable to I ...)
+       TODO: check
+CVE-2026-15106 (The WPBot \u2013 AI ChatBot for Live Support, Lead Generation, 
AI Serv ...)
+       TODO: check
+CVE-2026-15103 (The WPFunnels \u2013 Funnel Builder for WooCommerce with 
Checkout & On ...)
+       TODO: check
+CVE-2026-15099 (The Delicious Recipes plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2026-15094 (The WP Hotel Booking plugin for WordPress is vulnerable to 
Reflected C ...)
+       TODO: check
+CVE-2026-15022 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
+       TODO: check
+CVE-2026-15021 (The wpForo Forum plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2026-15008 (The Uncanny Automator \u2013 Easy Automation, Integration, 
Webhooks &  ...)
+       TODO: check
+CVE-2026-15005 (The Loco Translate plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+       TODO: check
+CVE-2026-14956 (The Bricksforge plugin for WordPress is vulnerable to 
Privilege Escala ...)
+       TODO: check
+CVE-2026-14890 (SGLang uses an expert-parallel backup subsystem that exposes a 
ZeroMQ  ...)
+       TODO: check
+CVE-2026-14782 (The Booking for Appointments and Events Calendar \u2013 Amelia 
plugin  ...)
+       TODO: check
+CVE-2026-14503 (The pCloud WP Backup plugin for WordPress is vulnerable to 
Sensitive I ...)
+       TODO: check
+CVE-2026-14371 (The Lenovo XClarity Integrator for Windows Admin Center plugin 
version ...)
+       TODO: check
+CVE-2026-14254 (A race condition in the account lockout mechanism 
inDelphixContinousDa ...)
+       TODO: check
+CVE-2026-14253
+       REJECTED
+CVE-2026-13767 (The Quiz Master Next plugin for WordPress is vulnerable to SQL 
Injecti ...)
+       TODO: check
+CVE-2026-13765 (The LearnPress \u2013 WordPress LMS Plugin for Create and Sell 
Online  ...)
+       TODO: check
+CVE-2026-13755 (The Tickera \u2013 Sell Tickets & Manage Events plugin for 
WordPress i ...)
+       TODO: check
+CVE-2026-13754 (The Tickera \u2013 Sell Tickets & Manage Events plugin for 
WordPress i ...)
+       TODO: check
+CVE-2026-13741 (The Digits: WordPress Mobile Number Signup and Login plugin 
for WordPr ...)
+       TODO: check
+CVE-2026-13402 (The Royal Addons for Elementor  WordPress plugin before 
1.7.1063 does  ...)
+       TODO: check
+CVE-2026-13352 (The Paid Membership Plugin, Ecommerce, User Registration Form, 
Login F ...)
+       TODO: check
+CVE-2026-13104 (A potential vulnerability was reported in Lenovo App Store, 
distribute ...)
+       TODO: check
+CVE-2026-13103 (A potential path traversal vulnerability was reported in 
Lenovo App St ...)
+       TODO: check
+CVE-2026-12393 (The WPS Bookings for WooCommerce WordPress plugin before 
3.11.7 does n ...)
+       TODO: check
+CVE-2026-12391 (An insecure symlink following vulnerability exists in 
Canonical ubuntu ...)
+       TODO: check
+CVE-2026-12379 (An Open Redirect vulnerability (CWE-601) exists in the 
OAuth/OIDC auth ...)
+       TODO: check
+CVE-2026-11966 (The User Registration & Membership  WordPress plugin before 
5.2.3 does ...)
+       TODO: check
+CVE-2026-11961 (The User Registration & Membership  WordPress plugin before 
5.2.3 does ...)
+       TODO: check
+CVE-2026-11889 (SALTO ProAccess Space software using the tenancy feature / 
logical  pa ...)
+       TODO: check
+CVE-2026-11740
+       REJECTED
+CVE-2026-11575 (The PhonePe Payment Solutions WordPress plugin before 3.1.0 
does not p ...)
+       TODO: check
+CVE-2026-11386 (An input validation and injection vulnerability exists in 
Canonical ub ...)
+       TODO: check
+CVE-2026-11324 (The WooCommerce Placetopay Gateway and PlacetoPay/AvalPay 
gateway plug ...)
+       TODO: check
+CVE-2026-10590 (A potential missing authentication vulnerability could allow a 
local p ...)
+       TODO: check
+CVE-2026-10589 (A potential out of bounds write vulnerability could allow a 
local priv ...)
+       TODO: check
+CVE-2026-10588 (A potential vulnerability could allow a local privileged 
attacker to d ...)
+       TODO: check
+CVE-2026-10587 (A potential out-of-bounds write vulnerability could allow a 
local priv ...)
+       TODO: check
+CVE-2026-10525 (The NEX-Forms  WordPress plugin before 9.2.3 does not sanitise 
and esc ...)
+       TODO: check
+CVE-2025-71388 (stoatchat (delta/Revolt) versions from 20241213-1 before 
20250210-1 al ...)
+       TODO: check
+CVE-2025-71377 (stoatchat (delta) versions before 20250210-1 (0.8.2) contain a 
logic e ...)
+       TODO: check
+CVE-2025-45870 (LogicalDOC Enterprise up to and for v9.1.1 is vulnerable to 
Local File ...)
+       TODO: check
+CVE-2025-45868 (LogicalDOC Enterprise up to and for v9.1.1 is vulnerable to 
blind SQL  ...)
+       TODO: check
+CVE-2024-58360 (stoatchat versions before 0.7.8 fail to enforce account 
creation restr ...)
+       TODO: check
+CVE-2024-34268 (EQ-3 Eqiva CC-RT-BLE Bluetooth Smart Radiator Thermostat 
Firmware up t ...)
+       TODO: check
+CVE-2024-32389 (Buffer Overflow vulnerability in Kerlink Kerlink Wirnet 
iStation 868 K ...)
+       TODO: check
+CVE-2024-32387 (An issue in Kerlink Kerlink Wirnet iStation 868 KerOS 
v.4.3.3_20200803 ...)
+       TODO: check
+CVE-2024-32386 (Directory traversal vulnerability in Kerlink Kerlink Wirnet 
iStation 8 ...)
+       TODO: check
+CVE-2024-32385 (An issue in Kerlink Kerlink Wirnet iStation 868 KerOS 
v.4.3.3_20200803 ...)
+       TODO: check
+CVE-2023-49900 (An unauthenticated remote attacker is able to perform remote 
code exec ...)
+       TODO: check
+CVE-2023-49899 (An unauthenticated remote attacker canexecute any command on 
the affec ...)
+       TODO: check
+CVE-2019-25764 (**UNSUPPORTED WHEN ASSIGNED** Exposed IOCTL with Insufficient 
Access C ...)
+       TODO: check
+CVE-2026-57077 (YAML::Syck versions before 1.47 for Perl allow an 
out-of-bounds read v ...)
        - libyaml-syck-perl <unfixed> (bug #1142267)
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/17/4
        NOTE: Fixed by: 
https://github.com/toddr/YAML-Syck/commit/44c90a109ec3215ee7ce747bd11209835e123d8b
 (1.47)
-CVE-2026-57076
+CVE-2026-57076 (YAML::Syck versions before 1.47 for Perl allow a heap 
use-after-free v ...)
        - libyaml-syck-perl <unfixed> (bug #1142267)
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/17/3
        NOTE: Fixed by: 
https://github.com/toddr/YAML-Syck/commit/44c90a109ec3215ee7ce747bd11209835e123d8b
 (1.47)
-CVE-2026-57075
+CVE-2026-57075 (YAML::Syck versions before 1.47 for Perl allow an 
out-of-bounds read v ...)
        - libyaml-syck-perl <unfixed> (bug #1142267)
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/17/2
        NOTE: Fixed by: 
https://github.com/toddr/YAML-Syck/commit/44c90a109ec3215ee7ce747bd11209835e123d8b
 (1.47)
-CVE-2026-13713
+CVE-2026-13713 (YAML::Syck versions before 1.47 for Perl allow a 
use-after-free and do ...)
        - libyaml-syck-perl <unfixed> (bug #1142267)
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/17/1
        NOTE: Fixed by: 
https://github.com/toddr/YAML-Syck/commit/44c90a109ec3215ee7ce747bd11209835e123d8b
 (1.47)
@@ -26,23 +570,23 @@ CVE-2026-62319
 CVE-2026-62318
        - netatalk <unfixed> (bug #1142270)
        NOTE: https://netatalk.io/security/CVE-2026-62318
-CVE-2026-57074
+CVE-2026-57074 (XML::Bare versions through 0.53 for Perl have an unbounded 
character l ...)
        - libxml-bare-perl 0.53-5 (bug #1142227)
        [trixie] - libxml-bare-perl <no-dsa> (Minor issue)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41876806/
        NOTE: https://github.com/nanoscopic/perl-XML-Bare/pull/1
        NOTE: 
https://security.metacpan.org/patches/X/XML-Bare/0.53/CVE-2026-57074-r1.patch
-CVE-2026-13401
+CVE-2026-13401 (XML::Bare versions through 0.53 for Perl will hang in an 
infinite loop ...)
        - libxml-bare-perl 0.53-5 (bug #1142227)
        [trixie] - libxml-bare-perl <no-dsa> (Minor issue)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41876829/
        NOTE: https://github.com/nanoscopic/perl-XML-Bare/pull/2
        NOTE: 
https://security.metacpan.org/patches/X/XML-Bare/0.53/CVE-2026-13401-r1.patch
-CVE-2026-57073
+CVE-2026-57073 (HTML::Bare versions through 0.04 for Perl have an unbounded 
character  ...)
        NOT-FOR-US: HTML::Bare Perl module
-CVE-2026-13397
+CVE-2026-13397 (HTML::Bare versions through 0.04 for Perl will hang in an 
infinite loo ...)
        NOT-FOR-US: HTML::Bare Perl module
-CVE-2026-3031
+CVE-2026-3031 (Image::EPEG versions through 0.15 for Perl embeds an 
unsupported versi ...)
        NOT-FOR-US: Image::EPEG Perl module
 CVE-2026-63175 (PlaywrightCapture stored capture-specific configuration and 
runtime da ...)
        NOT-FOR-US: PlaywrightCapture
@@ -2455,63 +2999,63 @@ CVE-2026-23573 (An Improper Neutralization of Input 
During Web Page Generation (
 CVE-2026-21840 (HCL BigFix Platform is affected by a user enumeration 
vulnerability wh ...)
        NOT-FOR-US: HCL
 CVE-2026-15778 (Insufficient validation of untrusted input in Navigation in 
Google Chr ...)
-       {DSA-6390-1}
+       {DSA-6390-1 DLA-4687-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15777 (Use after free in UI in Google Chrome on Linux prior to 
150.0.7871.125 ...)
-       {DSA-6390-1}
+       {DSA-6390-1 DLA-4687-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15776 (Inappropriate implementation in V8 in Google Chrome prior to 
150.0.787 ...)
-       {DSA-6390-1}
+       {DSA-6390-1 DLA-4687-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15775 (Inappropriate implementation in V8 in Google Chrome prior to 
150.0.787 ...)
-       {DSA-6390-1}
+       {DSA-6390-1 DLA-4687-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15774 (Use after free in Skia in Google Chrome prior to 
150.0.7871.125 allowe ...)
-       {DSA-6390-1}
+       {DSA-6390-1 DLA-4687-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15773 (Use after free in Core in Google Chrome on Windows prior to 
150.0.7871 ...)
-       {DSA-6390-1}
+       {DSA-6390-1 DLA-4687-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15772 (Use after free in GPU in Google Chrome on Android prior to 
150.0.7871. ...)
-       {DSA-6390-1}
+       {DSA-6390-1 DLA-4687-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15771 (Insufficient validation of untrusted input in Media in Google 
Chrome o ...)
-       {DSA-6390-1}
+       {DSA-6390-1 DLA-4687-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15770 (Uninitialized Use in V8 in Google Chrome prior to 
150.0.7871.125 allow ...)
-       {DSA-6390-1}
+       {DSA-6390-1 DLA-4687-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15769 (Insufficient validation of untrusted input in Linux Toolkit 
Theming in ...)
-       {DSA-6390-1}
+       {DSA-6390-1 DLA-4687-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15768 (Insufficient policy enforcement in HTML-in-Canvas in Google 
Chrome pri ...)
-       {DSA-6390-1}
+       {DSA-6390-1 DLA-4687-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15767 (Heap buffer overflow in libyuv in Google Chrome on Windows 
prior to 15 ...)
-       {DSA-6390-1}
+       {DSA-6390-1 DLA-4687-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15766 (Uninitialized Use in Skia in Google Chrome prior to 
150.0.7871.125 all ...)
-       {DSA-6390-1}
+       {DSA-6390-1 DLA-4687-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15765 (Use after free in Ozone in Google Chrome prior to 
150.0.7871.125 allow ...)
-       {DSA-6390-1}
+       {DSA-6390-1 DLA-4687-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15764 (Use after free in Ozone in Google Chrome on Linux prior to 
150.0.7871. ...)
-       {DSA-6390-1}
+       {DSA-6390-1 DLA-4687-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15757 (A security flaw was discovered in the NETGEAR DGND3700v1 that 
could al ...)
@@ -9213,7 +9757,8 @@ CVE-2026-6687 (FatFs R0.16 and earlier contains a stack 
overflow bug in f_getlab
        NOT-FOR-US: FatFs
 CVE-2026-6686 (FatFs R0.16 and earlier contains an uninitialized cluster 
exposure whe ...)
        NOT-FOR-US: FatFs
-CVE-2026-6685 (FatFs R0.16 and earlier exhibits a stale dirty-cache skip via 
unsigned ...)
+CVE-2026-6685
+       REJECTED
        NOT-FOR-US: FatFs
 CVE-2026-6684 (FatFs prior to R0.16 that use GPT scanning with 'FF_LBA64 = 1' 
contain ...)
        NOT-FOR-US: FatFs
@@ -24278,13 +24823,13 @@ CVE-2017-20240 (Crypt::PBKDF2 versions before 
0.261630 for Perl are vulnerable t
        [bookworm] - libcrypt-pbkdf2-perl 0.261630-1~deb13u1~deb12u1
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/40929601/
        NOTE: Fixed by: 
https://github.com/arodland/Crypt-PBKDF2/commit/ac5aac7c8c0e411165a6665a9c1f449b745f2629
 (0.261630)
-CVE-2026-50012
+CVE-2026-50012 (Squid is a caching proxy for the Web. Prior to 7.6, due to an 
improper ...)
        {DSA-6360-1}
        - squid 7.6-1
        NOTE: https://www.openwall.com/lists/oss-security/2026/06/12/1
        NOTE: Fixed by: 
https://github.com/squid-cache/squid/commit/19fcfe922717c8b255270c032dcde4071c003bcd
 (SQUID_7_6)
        NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-5vmx-9x64-9284
-CVE-2026-47729
+CVE-2026-47729 (Squid is a caching proxy for the Web. Prior to 7.6, due to an 
improper ...)
        {DSA-6360-1}
        - squid 7.6-1
        NOTE: https://www.openwall.com/lists/oss-security/2026/06/12/1
@@ -187267,7 +187812,7 @@ CVE-2025-27462 ([This CNA information record relates 
to multiple CVEs; the text
        NOTE: https://xenbits.xen.org/xsa/advisory-468.html
 CVE-2025-5276 (Versions of the package mcp-markdownify-server before 1.0.0 are 
vulner ...)
        NOT-FOR-US: mcp-markdownify-server
-CVE-2025-5273 (All versions of the package mcp-markdownify-server are 
vulnerable to F ...)
+CVE-2025-5273 (Versions of the package mcp-markdownify-server before 1.0.0 are 
vulner ...)
        NOT-FOR-US: mcp-markdownify-server
 CVE-2025-4583 (The Smash Balloon Social Photo Feed \u2013 Easy Social Feeds 
Plugin pl ...)
        NOT-FOR-US: WordPress plugin
@@ -211069,7 +211614,8 @@ CVE-2024-7990 (A stored cross-site scripting (XSS) 
vulnerability exists in open-
        NOT-FOR-US: open-webui/open-webui
 CVE-2024-7983 (In version 0.3.8 of open-webui, an endpoint for converting 
markdown to ...)
        NOT-FOR-US: open-webui/open-webui
-CVE-2024-7959 (The `/openai/models` endpoint in open-webui/open-webui version 
0.3.8 i ...)
+CVE-2024-7959
+       REJECTED
        NOT-FOR-US: open-webui/open-webui
 CVE-2024-7957 (An arbitrary file overwrite vulnerability exists in the 
ZulipConnector ...)
        NOT-FOR-US: danswer-ai/danswer
@@ -211125,17 +211671,21 @@ CVE-2024-7044 (A Stored Cross-Site Scripting (XSS) 
vulnerability exists in the c
        NOT-FOR-US: open-webui/open-webui
 CVE-2024-7043 (An improper access control vulnerability in 
open-webui/open-webui v0.3 ...)
        NOT-FOR-US: open-webui/open-webui
-CVE-2024-7040 (In version v0.3.8 of open-webui/open-webui, there is an 
improper acces ...)
+CVE-2024-7040
+       REJECTED
        NOT-FOR-US: open-webui/open-webui
-CVE-2024-7039 (In open-webui/open-webui version v0.3.8, there is an improper 
privileg ...)
+CVE-2024-7039
+       REJECTED
        NOT-FOR-US: open-webui/open-webui
 CVE-2024-7036 (A vulnerability in open-webui/open-webui v0.3.8 allows an 
unauthentica ...)
        NOT-FOR-US: open-webui/open-webui
 CVE-2024-7035 (In version v0.3.8 of open-webui/open-webui, sensitive actions 
such as  ...)
        NOT-FOR-US: open-webui/open-webui
-CVE-2024-7034 (In open-webui version 0.3.8, the endpoint `/models/upload` is 
vulnerab ...)
+CVE-2024-7034
+       REJECTED
        NOT-FOR-US: open-webui/open-webui
-CVE-2024-7033 (In version 0.3.8 of open-webui/open-webui, an arbitrary file 
write vul ...)
+CVE-2024-7033
+       REJECTED
        NOT-FOR-US: open-webui/open-webui
 CVE-2024-6986 (A Cross-site Scripting (XSS) vulnerability exists in the 
Settings page ...)
        NOT-FOR-US: parisneo/lollms-webui
@@ -261662,7 +262212,8 @@ CVE-2024-7292 (In Progress\xae Telerik\xae Report 
Server versions prior to 2024
        NOT-FOR-US: Progress Telerik
 CVE-2024-7041 (An Insecure Direct Object Reference (IDOR) vulnerability exists 
in ope ...)
        NOT-FOR-US: open-webui
-CVE-2024-7038 (An information disclosure vulnerability exists in open-webui 
version 0 ...)
+CVE-2024-7038
+       REJECTED
        NOT-FOR-US: open-webui
 CVE-2024-7037 (In version v0.3.8 of open-webui/open-webui, the endpoint 
/api/pipeline ...)
        NOT-FOR-US: open-webui
@@ -267034,7 +267585,7 @@ CVE-2024-22399 (Deserialization of Untrusted Data 
vulnerability in Apache Seata.
        NOT-FOR-US: Apache Seata
 CVE-2024-8762 (A vulnerability was found in code-projects Crud Operation 
System 1.0.  ...)
        NOT-FOR-US: Crud Operation System
-CVE-2024-8751 (A vulnerability in the MSC800 allows an unauthenticated 
attacker to mo ...)
+CVE-2024-8751 (A vulnerability allows a remote unauthenticated attacker to 
modify the ...)
        NOT-FOR-US: SICK
 CVE-2024-8742 (The Essential Addons for Elementor \u2013 Best Elementor Addon, 
Templa ...)
        NOT-FOR-US: WordPress plugin
@@ -537655,8 +538206,8 @@ CVE-2021-27138 (The boot loader in Das U-Boot before 
2021.04-rc2 mishandles use
        NOTE: 
https://github.com/u-boot/u-boot/commit/79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4
        NOTE: 
https://github.com/u-boot/u-boot/commit/3f04db891a353f4b127ed57279279f851c6b4917
        NOTE: 
https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0
 (full changeset incl. CVE-2021-27097)
-CVE-2021-27137
-       RESERVED
+CVE-2021-27137 (An issue was discovered in router/upnp/src/ssdp.c in DD-WRT 
before 457 ...)
+       TODO: check
 CVE-2021-27136
        RESERVED
 CVE-2021-27134



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/629a2230fba7839b29b2f4310268b4d5171a0c9e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/629a2230fba7839b29b2f4310268b4d5171a0c9e
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to