[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
47e4456a by security tracker role at 2026-04-11T07:12:47+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
Binary files a/data/CVE/list and b/data/CVE/list differ
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47e4456a22008f926a23afb8567d831a77b20967
--
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4bfb8646 by security tracker role at 2026-04-10T19:13:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
Binary files a/data/CVE/list and b/data/CVE/list differ
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bfb8646472761d58b33f88ffd3901a124493a92
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
651fcb8d by security tracker role at 2026-04-10T07:12:52+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
Binary files a/data/CVE/list and b/data/CVE/list differ
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/651fcb8dbe185961ee504a37ebf14495400ffb64
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
506fd94a by security tracker role at 2026-04-09T19:13:38+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
Binary files a/data/CVE/list and b/data/CVE/list differ
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/506fd94af5f1a7f3663f4cee1bcc93011098032c
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fcc0a948 by security tracker role at 2026-04-09T07:14:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
Binary files a/data/CVE/list and b/data/CVE/list differ
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fcc0a94806ce18611c5313edf5962989098fa11a
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eab677ed by security tracker role at 2026-04-08T07:14:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
Binary files a/data/CVE/list and b/data/CVE/list differ
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eab677ed8e228fe16d0a3a52ff5b559541675b0a
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1669dab0 by security tracker role at 2026-04-07T19:13:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
Binary files a/data/CVE/list and b/data/CVE/list differ
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1669dab00e7c3e762781e0eedd51ee1a8dce2ecb
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e8519272 by security tracker role at 2026-04-07T07:14:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,185 @@ +CVE-2026-5719 (A flaw has been found in itsourcecode Construction Management System 1 ...) + TODO: check +CVE-2026-5709 (Unsanitized input in the FileBrowser API in AWS Research and Engineeri ...) + TODO: check +CVE-2026-5708 (Unsanitized control of user-modifiable attributes in the session creat ...) + TODO: check +CVE-2026-5707 (Unsanitized input in an OS command in the virtual desktop session name ...) + TODO: check +CVE-2026-5705 (A vulnerability was identified in code-projects Online Hotel Booking 1 ...) + TODO: check +CVE-2026-5692 (A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Th ...) + TODO: check +CVE-2026-5691 (A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b2019102 ...) + TODO: check +CVE-2026-5690 (A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The im ...) + TODO: check +CVE-2026-5689 (A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. ...) + TODO: check +CVE-2026-5688 (A security vulnerability has been detected in Totolink A7100RU 7.4cu.2 ...) + TODO: check +CVE-2026-5687 (A weakness has been identified in Tenda CX12L 16.03.53.12. This issue ...) + TODO: check +CVE-2026-5686 (A security flaw has been discovered in Tenda CX12L 16.03.53.12. This v ...) + TODO: check +CVE-2026-5685 (A vulnerability was identified in Tenda CX12L 16.03.53.12. This affect ...) + TODO: check +CVE-2026-5684 (A vulnerability was determined in Tenda CX12L 16.03.53.12. Affected by ...) + TODO: check +CVE-2026-5683 (A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this ...) + TODO: check +CVE-2026-5682 (A vulnerability has been found in Meesho Online Shopping App up to 27. ...) + TODO: check +CVE-2026-5681 (A flaw has been found in itsourcecode sanitize or validate this input ...) + TODO: check +CVE-2026-5679 (A security vulnerability has been detected in Totolink A3300R 17.0.0cu ...) 
+ TODO: check +CVE-2026-5465 (The Booking for Appointments and Events Calendar \u2013 Amelia plugin ...) + TODO: check +CVE-2026-4079 (The SQL Chart Builder WordPress plugin before 2.3.8 does not properly ...) + TODO: check +CVE-2026-35475 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, th ...) + TODO: check +CVE-2026-35474 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, op ...) + TODO: check +CVE-2026-35473 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an ...) + TODO: check +CVE-2026-35472 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an ...) + TODO: check +CVE-2026-35471 (goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, tdel ...) + TODO: check +CVE-2026-35459 (pyLoad is a free and open-source download manager written in Python. I ...) + TODO: check +CVE-2026-35454 (The Code Extension Marketplace is an open-source alternative to the VS ...) + TODO: check +CVE-2026-35452 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...) + TODO: check +CVE-2026-35450 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...) + TODO: check +CVE-2026-35449 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...) + TODO: check +CVE-2026-35448 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...) + TODO: check +CVE-2026-35444 (SDL_image is a library to load images of various formats as SDL surfac ...) + TODO: check +CVE-2026-35442 (Directus is a real-time API and App dashboard for managing SQL databas ...) + TODO: check +CVE-2026-35441 (Directus is a real-time API and App dashboard for managing SQL databas ...) + TODO: check +CVE-2026-35413 (Directus is a real-time API and App dashboard for managing SQL databas ...) + TODO: check +CVE-2026-35412 (Directus is a real-time API and App dashboard for managing SQL databas ...) 
+ TODO: check +CVE-2026-35411 (Directus is a real-time API and App dashboard for managing SQL databas ...) + TODO: check +CVE-2026-35410 (Directus is a real-time API and App dashboard for managing SQL databas ...) + TODO: check +CVE-2026-35409 (Directus is a real-time API and App dashboard for managing SQL databas ...) + TODO: check +CVE-2026-35408 (Directus is a real-time API and App dashboard for managing SQL databas ...) + TODO: check +CVE-2026-35404 (Open edX Platform enables the authoring and delivery of online learnin ...) + TODO:
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b65f6efc by security tracker role at 2026-04-06T19:13:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,21 +1,327 @@ -CVE-2026-31410 [ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION] +CVE-2026-5704 (A flaw was found in tar. A remote attacker could exploit this vulnerab ...) + TODO: check +CVE-2026-5678 (A weakness has been identified in Totolink A7100RU 7.4cu.2313_b2019102 ...) + TODO: check +CVE-2026-5677 (A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20 ...) + TODO: check +CVE-2026-5676 (A vulnerability was identified in Totolink A8000R 5.9c.681_B20180413. ...) + TODO: check +CVE-2026-5675 (A vulnerability was found in itsourcecode Construction Management Syst ...) + TODO: check +CVE-2026-5673 (A flaw was found in libtheora. This heap-based out-of-bounds read vuln ...) + TODO: check +CVE-2026-5672 (A vulnerability has been found in code-projects Simple IT Discussion F ...) + TODO: check +CVE-2026-5671 (A vulnerability was determined in Cyber-III Student-Management-System ...) + TODO: check +CVE-2026-5670 (A vulnerability was found in Cyber-III Student-Management-System up to ...) + TODO: check +CVE-2026-5669 (A vulnerability has been found in Cyber-III Student-Management-System ...) + TODO: check +CVE-2026-5668 (A flaw has been found in Cyber-III Student-Management-System up to 1a9 ...) + TODO: check +CVE-2026-5666 (A vulnerability was detected in code-projects Online FIR System 1.0. A ...) + TODO: check +CVE-2026-5665 (A security vulnerability has been detected in code-projects Online FIR ...) + TODO: check +CVE-2026-5664 + REJECTED +CVE-2026-5663 (A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This i ...) + TODO: check +CVE-2026-5661 (A vulnerability was identified in Free5GC 4.2.0. This affects an unkno ...) + TODO: check +CVE-2026-5660 (A vulnerability was determined in itsourcecode Construction Management ...) + TODO: check +CVE-2026-5659 (A vulnerability was found in pytries datrie up to 0.8.3. The affected ...) 
+ TODO: check +CVE-2026-5650 (A vulnerability was found in code-projects Online Application System f ...) + TODO: check +CVE-2026-5649 (A vulnerability has been found in code-projects Online Application Sys ...) + TODO: check +CVE-2026-5648 (A flaw has been found in code-projects Simple Laundry System 1.0. This ...) + TODO: check +CVE-2026-5647 (A vulnerability was detected in code-projects Online Shoe Store 1.0. T ...) + TODO: check +CVE-2026-5646 (A security vulnerability has been detected in code-projects Easy Blog ...) + TODO: check +CVE-2026-5645 (A weakness has been identified in projectworlds Car Rental System 1.0. ...) + TODO: check +CVE-2026-5644 (A security flaw has been discovered in Cyber-III Student-Management-Sy ...) + TODO: check +CVE-2026-5643 (A vulnerability was identified in Cyber-III Student-Management-System ...) + TODO: check +CVE-2026-5642 (A vulnerability was determined in Cyber-III Student-Management-System ...) + TODO: check +CVE-2026-5641 (A vulnerability was found in PHPGurukul Online Shopping Portal Project ...) + TODO: check +CVE-2026-5640 (A vulnerability has been found in PHPGurukul Online Shopping Portal Pr ...) + TODO: check +CVE-2026-5639 (A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1 ...) + TODO: check +CVE-2026-5638 (A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. T ...) + TODO: check +CVE-2026-5637 (A security vulnerability has been detected in projectworlds Car Rental ...) + TODO: check +CVE-2026-5636 (A weakness has been identified in PHPGurukul Online Shopping Portal Pr ...) + TODO: check +CVE-2026-5635 (A security flaw has been discovered in PHPGurukul Online Shopping Port ...) + TODO: check +CVE-2026-5634 (A vulnerability was identified in projectworlds Car Rental Project 1.0 ...) + TODO: check +CVE-2026-5633 (A vulnerability was determined in assafelovic gpt-researcher up to 3.4 ...) 
+ TODO: check +CVE-2026-3524 (Mattermost Plugin Legal Hold versions <=1.1.4 fail to halt request pro ...) + TODO: check +CVE-2026-37977 (A flaw was found in Keycloak. A remote attacker can exploit a Cross-Or ...) + TODO: check +CVE-2026-35470 (OpenSTAManager is an open source management software for technical ass ...) + TODO: check +CVE-2026-35209 (defu is software that allows uers to assign default properties recursi ...) + TODO: check +CVE-2026-35177 (Vim is an open source, command line text editor. Prior to 9.2.0280, a ...) + TODO: check +CVE-2026-35175 (Ajent
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
97c8a06a by security tracker role at 2026-04-06T07:13:50+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,237 @@ +CVE-2026-5632 (A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. T ...) + TODO: check +CVE-2026-5631 (A vulnerability has been found in assafelovic gpt-researcher up to 3.4 ...) + TODO: check +CVE-2026-5630 (A flaw has been found in assafelovic gpt-researcher up to 3.4.3. The i ...) + TODO: check +CVE-2026-5629 (A vulnerability was detected in Belkin F9K1015 1.00.10. The affected e ...) + TODO: check +CVE-2026-5628 (A security vulnerability has been detected in Belkin F9K1015 1.00.10. ...) + TODO: check +CVE-2026-5625 (A weakness has been identified in assafelovic gpt-researcher up to 3.4 ...) + TODO: check +CVE-2026-5624 (A security flaw has been discovered in ProjectSend r2002. This vulnera ...) + TODO: check +CVE-2026-5623 (A vulnerability was identified in hcengineering Huly Platform 0.7.382. ...) + TODO: check +CVE-2026-5622 (A vulnerability was determined in hcengineering Huly Platform 0.7.382. ...) + TODO: check +CVE-2026-5621 (A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Aff ...) + TODO: check +CVE-2026-5620 (A vulnerability has been found in itsourcecode Construction Management ...) + TODO: check +CVE-2026-5619 (A flaw has been found in Braffolk mcp-summarization-functions up to 0. ...) + TODO: check +CVE-2026-5618 (A vulnerability was detected in kalcaddle kodbox up to 1.64. This affe ...) + TODO: check +CVE-2026-5616 (A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. T ...) + TODO: check +CVE-2026-5615 (A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affe ...) + TODO: check +CVE-2026-5614 (A security flaw has been discovered in Belkin F9K1015 1.00.10. Impacte ...) + TODO: check +CVE-2026-5613 (A vulnerability was identified in Belkin F9K1015 1.00.10. This issue a ...) + TODO: check +CVE-2026-5612 (A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnera ...) + TODO: check +CVE-2026-5611 (A vulnerability was found in Belkin F9K1015 1.00.10. 
This affects the ...) + TODO: check +CVE-2026-5610 (A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by ...) + TODO: check +CVE-2026-5609 (A flaw has been found in Tenda i12 1.0.0.11(3862). Affected by this vu ...) + TODO: check +CVE-2026-5608 (A vulnerability was detected in Belkin F9K1122 1.00.33. Affected is th ...) + TODO: check +CVE-2026-5607 (A security vulnerability has been detected in imprvhub mcp-browser-age ...) + TODO: check +CVE-2026-5606 (A security flaw has been discovered in PHPGurukul Online Shopping Port ...) + TODO: check +CVE-2026-5605 (A weakness has been identified in Tenda CH22 1.0.0.1. This affects the ...) + TODO: check +CVE-2026-5604 (A security flaw has been discovered in Tenda CH22 1.0.0.1. The impacte ...) + TODO: check +CVE-2026-5603 (A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0. ...) + TODO: check +CVE-2026-5602 (A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impact ...) + TODO: check +CVE-2026-5601 (A vulnerability was found in Acrel Electrical Prepaid Cloud Platform 1 ...) + TODO: check +CVE-2026-5599 (A user with API access and "manage users" permission in any venueless ...) + TODO: check +CVE-2026-5597 (A flaw has been found in griptape-ai griptape 0.19.4. This affects an ...) + TODO: check +CVE-2026-5596 (A vulnerability was detected in griptape-ai griptape 0.19.4. Affected ...) + TODO: check +CVE-2026-5595 (A security vulnerability has been detected in griptape-ai griptape 0.1 ...) + TODO: check +CVE-2026-5594 (A weakness has been identified in premAI-io premsql up to 0.2.1. Affec ...) + TODO: check +CVE-2026-5587 (A vulnerability was identified in wbbeyourself MAC-SQL up to 31a9df5e0 ...) + TODO: check +CVE-2026-5586 (A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. Th ...) + TODO: check +CVE-2026-5585 (A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected ...) 
+ TODO: check +CVE-2026-5584 (A vulnerability has been found in Fosowl agenticSeek 0.1.0. Impacted i ...) + TODO: check +CVE-2026-5583 (A security vulnerability has been detected in PHPGurukul Online Shoppi ...) + TODO: check +CVE-2026-5580 (A vulnerability was identified in CodeAstro Online Classroom 1.0. Impa ...) + TODO: check +CVE-2026-5579 (A vulnerability was determined in CodeAstro Online Classroom 1.0. This ...) + TODO: check +CVE-2026-5578
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c7579a87 by security tracker role at 2026-04-05T07:13:00+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,49 @@
+CVE-2026-5590 (A race condition during TCP connection teardown can cause
tcp_recv() t ...)
+ TODO: check
+CVE-2026-5546 (A flaw has been found in Campcodes Complete Online Learning
Management ...)
+ TODO: check
+CVE-2026-5544 (A security flaw has been discovered in UTT HiPER 1250GW up to
3.2.7-21 ...)
+ TODO: check
+CVE-2026-5543 (A vulnerability was identified in PHPGurukul User Registration
& Login ...)
+ TODO: check
+CVE-2026-5542 (A vulnerability was determined in code-projects Simple Laundry
System ...)
+ TODO: check
+CVE-2026-5541 (A vulnerability was found in code-projects Simple Laundry
System 1.0. ...)
+ TODO: check
+CVE-2026-5540 (A vulnerability has been found in code-projects Simple Laundry
System ...)
+ TODO: check
+CVE-2026-5539 (A flaw has been found in code-projects Simple Laundry System
1.0. This ...)
+ TODO: check
+CVE-2026-5538 (A vulnerability was detected in QingdaoU OnlineJudge up to
1.6.1. Affe ...)
+ TODO: check
+CVE-2026-5537 (A security vulnerability has been detected in halex CourseSEL
up to 1. ...)
+ TODO: check
+CVE-2026-5536 (A weakness has been identified in FedML-AI FedML up to 0.8.9.
Affected ...)
+ TODO: check
+CVE-2026-5535 (A security flaw has been discovered in FedML-AI FedML up to
0.8.9. Thi ...)
+ TODO: check
+CVE-2026-5534 (A vulnerability was identified in itsourcecode Online
Enrollment Syste ...)
+ TODO: check
+CVE-2026-5533 (A vulnerability was determined in badlogic pi-mono 0.58.4. The
impacte ...)
+ TODO: check
+CVE-2026-5532 (A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to
1.74.0 ...)
+ TODO: check
+CVE-2026-5531 (A vulnerability has been found in SourceCodester Student Result
Manage ...)
+ TODO: check
+CVE-2026-5530 (A flaw has been found in Ollama up to 18.1. This issue affects
some un ...)
+ TODO: check
+CVE-2026-5529 (A vulnerability was detected in Dromara lamp-cloud up to 5.8.1.
This v ...)
+ TODO: check
+CVE-2026-5528 (A security vulnerability has been detected in MoussaabBadla
code-scree ...)
+ TODO: check
+CVE-2026-5527 (A weakness has been identified in Tenda 4G03 Pro
1.0/1.0re/01.bin/04.0 ...)
+ TODO: check
+CVE-2026-5526 (A security flaw has been discovered in Tenda 4G03 Pro up to
1.0/1.1/04 ...)
+ TODO: check
+CVE-2018-25246 (Wikipedia 12.0 contains a denial of service vulnerability that
allows ...)
+ TODO: check
+CVE-2016-20054 (Nodcms contains a cross-site request forgery vulnerability
that allows ...)
+ TODO: check
CVE-2026-5425 (The Widgets for Social Photo Feed plugin for WordPress is
vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2026-4896 (The WCFM \u2013 Frontend Manager for WooCommerce along with
Bookings S ...)
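Review bot: all of the entries added at the top of data/CVE/list in this hunk, including the two older IDs CVE-2018-25246 and CVE-2016-20054 at the end of the added block, carry only "TODO: check", so none of them yet says anything about Debian exposure. Each needs a triage result, either a package line or a marker like the "NOT-FOR-US: WordPress plugin" on the CVE-2026-5425 context line that follows, before consumers of the list can act on it.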
@@ -3012,7 +3058,7 @@ CVE-2018-25226 (FTPShell Server 6.83 contains a buffer
overflow vulnerability th
CVE-2026-4981
NOT-FOR-US: Red Hat Advanced Cluster Security
CVE-2026-35545 (An issue was discovered in Roundcube Webmail before 1.5.15 and
1.6.15. ...)
- {DLA-4517-1}
+ {DSA-6196-1 DLA-4517-1}
- roundcube 1.6.15+dfsg-1 (bug #1132268)
NOTE:
https://roundcube.net/news/2026/03/29/security-updates-1.7-rc6-1.6.15-1.5.15
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/7ad62de184368bf42c0f522d1aacc030f5ddcc46
(1.7-rc6)
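Review bot: the CVE-2026-35545 entry records only the 1.7-rc6 upstream commit under "NOTE: Fixed by:", although its package line gives the fix as "roundcube 1.6.15+dfsg-1". Adding the 1.6.x branch commit, as the CVE-2026-35540 entry in the next hunk does with its (1.6.14) reference, would let anyone checking the DSA-6196-1 and DLA-4517-1 updates compare against the matching branch.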
@@ -9876,21 +9922,21 @@ CVE-2026-2046
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15289
NOTE: Building of optional Plug-In for Amiga IFF/ILBM not enabled.
CVE-2026-35540 (An issue was discovered in Roundcube Webmail 1.6.0 before
1.6.14. Insu ...)
- {DLA-4517-1}
+ {DSA-6196-1 DLA-4517-1}
- roundcube 1.6.14+dfsg-1 (bug #1131182)
NOTE:
https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
NOTE:
https://i0.rs/blog/turning-a-roundcube-link-tag-into-a-zero-day-ssrf-and-data-exfiltration/
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/579b68eff90650a5c782e153debd66c765648942
(1.7-rc5)
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/27ec6cc9cb25e1ef8b4d4ef39ce76d619caa6870
(1.6.14)
CVE-2026-35539 (An issue was discovered in Roundcube Webmail before 1.5.14 and
1.6.14. ...)
- {DLA-4517-1}
+ {DSA-6196-1 DLA-4517-1}
- roundcube 1.6.14+dfsg-1 (bug #1131182)
NOTE:
https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/1b30edf5369668c92fe91dae3d52e477c808aa4f
(1.7-r
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b786ce1c by security tracker role at 2026-04-04T19:13:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,95 @@ +CVE-2026-5425 (The Widgets for Social Photo Feed plugin for WordPress is vulnerable t ...) + TODO: check +CVE-2026-4896 (The WCFM \u2013 Frontend Manager for WooCommerce along with Bookings S ...) + TODO: check +CVE-2026-3666 (The wpForo Forum plugin for WordPress is vulnerable to arbitrary file ...) + TODO: check +CVE-2026-3445 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...) + TODO: check +CVE-2026-3309 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...) + TODO: check +CVE-2026-2936 (The Visitor Traffic Real Time Statistics plugin for WordPress is vulne ...) + TODO: check +CVE-2026-2826 (The Kadence Blocks \u2014 Page Builder Toolkit for Gutenberg Editor pl ...) + TODO: check +CVE-2026-2600 (The ElementsKit Elementor Addons and Templates plugin for WordPress is ...) + TODO: check +CVE-2026-2437 (The WP Travel Engine \u2013 Tour Booking Plugin \u2013 Tour Operator S ...) + TODO: check +CVE-2026-1233 (The Text to Speech for WP (AI Voices by Mementor) plugin for WordPress ...) + TODO: check +CVE-2026-0738 (The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is ...) + TODO: check +CVE-2026-0737 (The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is ...) + TODO: check +CVE-2026-0664 (The Royal Addons for Elementor plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2026-0626 (The WPFunnels \u2013 Easy Funnel Builder To Optimize Buyer Journeys An ...) + TODO: check +CVE-2026-0552 (The Simple Shopping Cart plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2025-15064 (The Ultimate Member \u2013 User Profile, Registration, Login, Member D ...) + TODO: check +CVE-2025-14938 (The Listeo Core plugin for WordPress is vulnerable to unauthenticated ...) + TODO: check +CVE-2025-13368 (The Xpro Addons \u2014 140+ Widgets for Elementor plugin for WordPress ...) 
+ TODO: check +CVE-2018-25255 (10-Strike LANState 8.8 contains a local buffer overflow vulnerability ...) + TODO: check +CVE-2018-25254 (NICO-FTP 3.0.1.19 contains a structured exception handler buffer overf ...) + TODO: check +CVE-2018-25253 (Termite 3.4 contains a buffer overflow vulnerability in the User inter ...) + TODO: check +CVE-2018-25252 (FTP Voyager 16.2.0 contains a denial of service vulnerability that all ...) + TODO: check +CVE-2018-25251 (Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay ...) + TODO: check +CVE-2018-25250 (MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent c ...) + TODO: check +CVE-2018-25249 (MyBB My Arcade Plugin 1.3 contains a persistent cross-site scripting v ...) + TODO: check +CVE-2018-25248 (MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting ...) + TODO: check +CVE-2018-25247 (MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability t ...) + TODO: check +CVE-2018-25245 (7 Tik 1.0.1.0 contains a denial of service vulnerability that allows a ...) + TODO: check +CVE-2018-25244 (Eco Search 1.0.2.0 contains a denial of service vulnerability that all ...) + TODO: check +CVE-2018-25243 (FastTube 1.0.1.0 contains a denial of service vulnerability that allow ...) + TODO: check +CVE-2018-25242 (One Search 1.1.0.0 contains a denial of service vulnerability that all ...) + TODO: check +CVE-2018-25241 (VPN Browser+ 1.1.0.0 contains a denial of service vulnerability that a ...) + TODO: check +CVE-2018-25240 (Watchr 1.1.0.0 contains a denial of service vulnerability that allows ...) + TODO: check +CVE-2018-25239 (Smart VPN 1.1.3.0 contains a denial of service vulnerability that allo ...) + TODO: check +CVE-2018-25238 (VSCO 1.1.1.0 contains a denial of service vulnerability that allows lo ...) + TODO: check +CVE-2016-20061 (sheed AntiVirus 2.3 contains an unquoted service path vulnerability in ...) 
+ TODO: check +CVE-2016-20060 (Hotspot Shield 6.0.3 contains an unquoted service path vulnerability i ...) + TODO: check +CVE-2016-20059 (IObit Malware Fighter 4.3.1 contains an unquoted service path vulnerab ...) + TODO: check +CVE-2016-20058 (Netgate AMITI Antivirus build 23.0.305 contains an unquoted service pa ...) + TODO: check +CVE-2016-20057 (NETGATE Registry Cleaner build 16.0.205 contains an unquoted service p ...) + TODO: check +CVE-2016-20056 (Spy Emergency build 23.0.205 contains an unquoted service path vulnera ...) + TO
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5a51dbd6 by security tracker role at 2026-04-04T07:19:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,185 @@ +CVE-2026-5485 (OS command injection in the browser-based authentication component in ...) + TODO: check +CVE-2026-5484 (A weakness has been identified in BookStackApp BookStack up to 26.03. ...) + TODO: check +CVE-2026-3571 (The Pie Register \u2013 User Registration, Profiles & Content Restrict ...) + TODO: check +CVE-2026-35616 (A improper access control vulnerability in Fortinet FortiClientEMS 7.4 ...) + TODO: check +CVE-2026-35562 (Allocation of resources without limits in the parsing components in Am ...) + TODO: check +CVE-2026-35561 (Insufficient authentication security controls in the browser-based aut ...) + TODO: check +CVE-2026-35560 (Improper certificate validation in the identity provider connection co ...) + TODO: check +CVE-2026-35559 (Out-of-bounds write in the query processing components in Amazon Athen ...) + TODO: check +CVE-2026-35558 (Improper neutralization of special elements in the authentication comp ...) + TODO: check +CVE-2026-35468 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of ...) + TODO: check +CVE-2026-34990 (OpenPrinting CUPS is an open source printing system for Linux and othe ...) + TODO: check +CVE-2026-34980 (OpenPrinting CUPS is an open source printing system for Linux and othe ...) + TODO: check +CVE-2026-34979 (OpenPrinting CUPS is an open source printing system for Linux and othe ...) + TODO: check +CVE-2026-34978 (OpenPrinting CUPS is an open source printing system for Linux and othe ...) + TODO: check +CVE-2026-34955 (PraisonAI is a multi-agent teams system. Prior to version 4.5.97, Subp ...) + TODO: check +CVE-2026-34954 (PraisonAI is a multi-agent teams system. Prior to version 1.5.95, File ...) + TODO: check +CVE-2026-34953 (PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAut ...) + TODO: check +CVE-2026-34952 (PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the ...) 
+ TODO: check +CVE-2026-34947 (Discourse is an open-source discussion platform. From versions 2026.1. ...) + TODO: check +CVE-2026-34939 (PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPT ...) + TODO: check +CVE-2026-34938 (PraisonAI is a multi-agent teams system. Prior to version 1.5.90, exec ...) + TODO: check +CVE-2026-34937 (PraisonAI is a multi-agent teams system. Prior to version 1.5.90, run_ ...) + TODO: check +CVE-2026-34936 (PraisonAI is a multi-agent teams system. Prior to version 4.5.90, pass ...) + TODO: check +CVE-2026-34935 (PraisonAI is a multi-agent teams system. From version 4.5.15 to before ...) + TODO: check +CVE-2026-34934 (PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the ...) + TODO: check +CVE-2026-34933 (Avahi is a system which facilitates service discovery on a local netwo ...) + TODO: check +CVE-2026-34824 (Mesop is a Python-based UI framework that allows users to build web ap ...) + TODO: check +CVE-2026-34788 (Emlog is an open source website building system. In versions 2.6.2 and ...) + TODO: check +CVE-2026-34787 (Emlog is an open source website building system. In versions 2.6.2 and ...) + TODO: check +CVE-2026-34780 (Electron is a framework for writing cross-platform desktop application ...) + TODO: check +CVE-2026-34779 (Electron is a framework for writing cross-platform desktop application ...) + TODO: check +CVE-2026-34778 (Electron is a framework for writing cross-platform desktop application ...) + TODO: check +CVE-2026-34777 (Electron is a framework for writing cross-platform desktop application ...) + TODO: check +CVE-2026-34776 (Electron is a framework for writing cross-platform desktop application ...) + TODO: check +CVE-2026-34775 (Electron is a framework for writing cross-platform desktop application ...) + TODO: check +CVE-2026-34774 (Electron is a framework for writing cross-platform desktop application ...) 
+ TODO: check +CVE-2026-34773 (Electron is a framework for writing cross-platform desktop application ...) + TODO: check +CVE-2026-34772 (Electron is a framework for writing cross-platform desktop application ...) + TODO: check +CVE-2026-34771 (Electron is a framework for writing cross-platform desktop application ...) + TODO: check +CVE-2026-34770 (Electron is a framework for writing cross-platform desktop application ...) + TODO: check +CVE-2026-34769 (Electron is a framework for writing cross-platform desktop application ..
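Review bot: the description for CVE-2026-3571 in this hunk carries a literal escape sequence ("The Pie Register \u2013 User Registration, Profiles & Content Restrict ...") where the product name has a dash. If the update script escapes non-ASCII text on purpose, that should be documented next to the list format; otherwise decode it before writing, because a text search on the product name as the vendor spells it will not match the escaped form.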
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4bdf48f9 by security tracker role at 2026-04-03T19:14:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,318 +1,402 @@ -CVE-2026-31404 [NFSD: Defer sub-object cleanup in export put callbacks] +CVE-2026-5476 (A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affe ...) + TODO: check +CVE-2026-5475 (A vulnerability was determined in NASA cFS up to 7.0.0. This impacts t ...) + TODO: check +CVE-2026-5474 (A vulnerability was found in NASA cFS up to 7.0.0. This affects the fu ...) + TODO: check +CVE-2026-5473 (A vulnerability has been found in NASA cFS up to 7.0.0. The impacted e ...) + TODO: check +CVE-2026-5472 (A flaw has been found in ProjectsAndPrograms School Management System ...) + TODO: check +CVE-2026-5471 (A vulnerability was detected in Investory Toy Planet Trouble App up to ...) + TODO: check +CVE-2026-5470 (A security vulnerability has been detected in mixelpixx Google-Researc ...) + TODO: check +CVE-2026-5469 (A weakness has been identified in Casdoor 2.356.0. This vulnerability ...) + TODO: check +CVE-2026-5468 (A security flaw has been discovered in Casdoor 2.356.0. This affects t ...) + TODO: check +CVE-2026-5467 (A vulnerability was identified in Casdoor 2.356.0. Affected by this is ...) + TODO: check +CVE-2026-5462 (A vulnerability was identified in Wahoo Fitness SYSTM App up to 7.2.1 ...) + TODO: check +CVE-2026-5458 (A weakness has been identified in Noelse Individuals & Pro App up to 2 ...) + TODO: check +CVE-2026-4350 (The Perfmatters plugin for WordPress is vulnerable to arbitrary file d ...) + TODO: check +CVE-2026-4108 (Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are ...) + TODO: check +CVE-2026-4107 (Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are ...) + TODO: check +CVE-2026-3880 (Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are ...) + TODO: check +CVE-2026-3879 (Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are ...) + TODO: check +CVE-2026-35218 (Budibase is an open-source low-code platform. Prior to version 3.32.5, ...) 
+ TODO: check +CVE-2026-35216 (Budibase is an open-source low-code platform. Prior to version 3.33.4, ...) + TODO: check +CVE-2026-35214 (Budibase is an open-source low-code platform. Prior to version 3.33.4, ...) + TODO: check +CVE-2026-32186 (Microsoft Bing Elevation of Privilege Vulnerability) + TODO: check +CVE-2026-31818 (Budibase is an open-source low-code platform. Prior to version 3.33.4, ...) + TODO: check +CVE-2026-28756 (Zohocorp ManageEngine Exchange Reporter Plusversions before 5802 are v ...) + TODO: check +CVE-2026-28754 (Zohocorp ManageEngine Exchange Reporter Plusversions before 5802 are v ...) + TODO: check +CVE-2026-28736 (** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to valida ...) + TODO: check +CVE-2026-28703 (Zohocorp ManageEngine Exchange Reporter Plusversions before 5802 are v ...) + TODO: check +CVE-2026-28373 (The Stackfield Desktop App before 1.10.2 for macOS and Windows contain ...) + TODO: check +CVE-2026-27655 (Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are ...) + TODO: check +CVE-2026-27124 (FastMCP is the standard framework for building MCP applications. Prior ...) + TODO: check +CVE-2026-26477 (An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacke ...) + TODO: check +CVE-2026-25773 (** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to saniti ...) + TODO: check +CVE-2026-25118 (immich is a high performance self-hosted photo and video management so ...) + TODO: check +CVE-2026-25044 (Budibase is an open-source low-code platform. Prior to version 3.33.4, ...) + TODO: check +CVE-2026-25043 (Budibase is an open-source low-code platform. Prior to version 3.23.25 ...) + TODO: check +CVE-2026-0545 (In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/ ...) + TODO: check +CVE-2025-7024 (Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connec ...) 
+ TODO: check +CVE-2025-68153 (Juju is an open source application orchestration engine that enables a ...) + TODO: check +CVE-2025-68152 (Juju is an open source application orchestration engine that enables a ...) + TODO: check +CVE-2025-64340 (FastMCP is the standard framework for building MCP applications. Prior ...) + TODO: check +CVE-2025-59711 (An issue was discovered in Biztalk360 before 11.5. Because of mishandl ...) + TODO: check +CVE-2025-59710 (An issue was discovered in Biztalk360 b
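Review bot: the first line of this hunk removes "CVE-2026-31404 [NFSD: Defer sub-object cleanup in export put callbacks]", and the header (-1,318 +1,402) shows 318 existing lines being rewritten, not just new entries prepended. The visible part does not show that entry coming back, so confirm that it, with whatever lines followed it, reappears further down unchanged before accepting an automatic update that touches existing entries.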
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7f5c5334 by security tracker role at 2026-04-03T07:13:41+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,105 @@ +CVE-2026-5463 (Command injection vulnerability in console.run_module_with_output() in ...) + TODO: check +CVE-2026-5457 (A security flaw has been discovered in PropertyGuru AgentNet Singapore ...) + TODO: check +CVE-2026-5456 (A vulnerability was identified in Align Technology My Invisalign App 3 ...) + TODO: check +CVE-2026-5455 (A vulnerability was determined in Dialogue App up to 4.3.2 on Android. ...) + TODO: check +CVE-2026-5454 (A vulnerability was found in GRID Organiser App up to 1.0.5 on Android ...) + TODO: check +CVE-2026-5453 (A vulnerability has been found in Rico s\xf3 vantagem pra investir App ...) + TODO: check +CVE-2026-5452 (A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android ...) + TODO: check +CVE-2026-5420 (A security flaw has been discovered in Shinrays Games Goods Triple App ...) + TODO: check +CVE-2026-35549 (An issue was discovered in MariaDB Server before 11.4.10, 11.5.x throu ...) + TODO: check +CVE-2026-35545 (An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. ...) + TODO: check +CVE-2026-35544 (An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. ...) + TODO: check +CVE-2026-35543 (An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. ...) + TODO: check +CVE-2026-35542 (An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. ...) + TODO: check +CVE-2026-35541 (An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. ...) + TODO: check +CVE-2026-35540 (An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insu ...) + TODO: check +CVE-2026-35539 (An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. ...) + TODO: check +CVE-2026-35538 (An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. ...) + TODO: check +CVE-2026-35537 (An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. ...) 
+ TODO: check +CVE-2026-35508 (Shynet before 0.14.0 allows XSS in urldisplay and iconify template fil ...) + TODO: check +CVE-2026-35507 (Shynet before 0.14.0 allows Host header injection in the password rese ...) + TODO: check +CVE-2026-35467 (The stored API keys in temporary browser client is not marked as prote ...) + TODO: check +CVE-2026-35466 (XSS vulnerability in cveInterface.js allows for inject HTML to be pass ...) + TODO: check +CVE-2026-35383 (Bentley Systems iTwin Platform exposed a Cesium ion access token in th ...) + TODO: check +CVE-2026-35053 (OneUptime is an open-source monitoring and observability platform. Pri ...) + TODO: check +CVE-2026-34932 (hoppscotch is an open source API development ecosystem. Prior to versi ...) + TODO: check +CVE-2026-34931 (hoppscotch is an open source API development ecosystem. Prior to versi ...) + TODO: check +CVE-2026-34848 (hoppscotch is an open source API development ecosystem. Prior to versi ...) + TODO: check +CVE-2026-34847 (hoppscotch is an open source API development ecosystem. Prior to versi ...) + TODO: check +CVE-2026-34840 (OneUptime is an open-source monitoring and observability platform. Pri ...) + TODO: check +CVE-2026-34838 (Group-Office is an enterprise customer relationship management and gro ...) + TODO: check +CVE-2026-34834 (Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Serv ...) + TODO: check +CVE-2026-34833 (Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Serv ...) + TODO: check +CVE-2026-34832 (Scoold is a Q&A and a knowledge sharing platform for teams. Prior to v ...) + TODO: check +CVE-2026-34825 (NocoBase is an AI-powered no-code/low-code platform for building busin ...) + TODO: check +CVE-2026-34762 (Ella Core is a 5G core designed for private networks. Prior to version ...) + TODO: check +CVE-2026-34761 (Ella Core is a 5G core designed for private networks. Prior to version ...) 
+ TODO: check +CVE-2026-34760 (vLLM is an inference and serving engine for large language models (LLM ...) + TODO: check +CVE-2026-33107 (Server-side request forgery (ssrf) in Azure Databricks allows an unaut ...) + TODO: check +CVE-2026-33105 (Improper authorization in Microsoft Azure Kubernetes Service allows an ...) + TODO: check +CVE-2026-32213 (Improper authorization in Azure AI Foundry allows an unauthorized atta ...) + TODO: check +CVE-2026-32211 (Missing authentication for critical function in Azure MCP Server allow ...) +
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2a24d501 by security tracker role at 2026-04-02T19:13:05+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,34 +1,446 @@ +CVE-2026-5429 (Unsanitized input during web page generation in the Kiro Agent webview ...) + TODO: check +CVE-2026-5418 (A vulnerability was identified in appsmithorg appsmith up to 1.97. Imp ...) + TODO: check +CVE-2026-5417 (A vulnerability was determined in Dataease SQLbot up to 1.6.0. This is ...) + TODO: check +CVE-2026-5414 (A security flaw has been discovered in Newgen OmniDocs up to 12.0.00. ...) + TODO: check +CVE-2026-5413 (A vulnerability was identified in Newgen OmniDocs up to 12.0.00. Affec ...) + TODO: check +CVE-2026-5370 (A vulnerability was identified in krayin laravel-crm up to 2.2. Impact ...) + TODO: check +CVE-2026-5368 (A vulnerability was determined in projectworlds Car Rental Project 1.0 ...) + TODO: check +CVE-2026-5360 (A vulnerability has been found in Free5GC 4.2.0. The affected element ...) + TODO: check +CVE-2026-5355 (A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected ...) + TODO: check +CVE-2026-5354 (A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this ...) + TODO: check +CVE-2026-5353 (A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected i ...) + TODO: check +CVE-2026-5352 (A security vulnerability has been detected in Trendnet TEW-657BRM 1.00 ...) + TODO: check +CVE-2026-5351 (A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This aff ...) + TODO: check +CVE-2026-5350 (A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The ...) + TODO: check +CVE-2026-5349 (A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affe ...) + TODO: check +CVE-2026-5346 (A vulnerability was determined in huimeicloud hm_editor up to 2.2.3. I ...) + TODO: check +CVE-2026-5344 (A security vulnerability has been detected in Textpattern up to 4.9.1. ...) + TODO: check +CVE-2026-5342 (A flaw has been found in LibRaw up to 0.22.0. This affects the functio ...) + TODO: check +CVE-2026-5339 (A vulnerability was detected in Tenda G103 1.0.0.5. 
The impacted eleme ...) + TODO: check +CVE-2026-5338 (A security vulnerability has been detected in Tenda G103 1.0.0.5. The ...) + TODO: check +CVE-2026-5334 (A weakness has been identified in itsourcecode Online Enrollment Syste ...) + TODO: check +CVE-2026-5333 (A security flaw has been discovered in DefaultFuction Content-Manageme ...) + TODO: check +CVE-2026-5332 (A vulnerability was identified in Xiaopi Panel 1.0.0. This vulnerabili ...) + TODO: check +CVE-2026-5331 (A vulnerability was determined in OpenCart 4.1.0.3. This affects an un ...) + TODO: check +CVE-2026-5330 (A vulnerability was found in SourceCodester/mayuri_k Best Courier Mana ...) + TODO: check +CVE-2026-5328 (A weakness has been identified in shsuishang modulithshop up to 829bac ...) + TODO: check +CVE-2026-5327 (A security flaw has been discovered in efforthye fast-filesystem-mcp u ...) + TODO: check +CVE-2026-5326 (A vulnerability was identified in SourceCodester Leave Application Sys ...) + TODO: check +CVE-2026-5246 (A vulnerability was determined in Cesanta Mongoose up to 7.20. Affecte ...) + TODO: check +CVE-2026-5245 (A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts ...) + TODO: check +CVE-2026-5244 (A vulnerability has been found in Cesanta Mongoose up to 7.20. This af ...) + TODO: check +CVE-2026-5032 (The W3 Total Cache plugin for WordPress is vulnerable to information e ...) + TODO: check +CVE-2026-4636 (A flaw was found in Keycloak. An authenticated user with the uma_prote ...) + TODO: check +CVE-2026-4634 (A flaw was found in Keycloak. An unauthenticated attacker can exploit ...) + TODO: check +CVE-2026-4325 (A flaw was found in Keycloak. The SingleUseObjectProvider, a global ke ...) + TODO: check +CVE-2026-4282 (A flaw was found in Keycloak. The SingleUseObjectProvider, a global ke ...) + TODO: check +CVE-2026-3872 (A flaw was found in Keycloak. This issue allows an attacker, who contr ...) 
+ TODO: check +CVE-2026-3692 (In Progress Flowmon versions prior to 12.5.8, a vulnerability exists w ...) + TODO: check +CVE-2026-35414 (OpenSSH before 10.3 mishandles the authorized_keys principals option i ...) + TODO: check +CVE-2026-35388 (OpenSSH before 10.3 omits connection multiplexing confirmation for pro ...) + TODO: check +CVE-2026-35387 (OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of an ...) + TODO: check +CVE-2026-3
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
30f79a20 by security tracker role at 2026-04-02T07:13:53+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,171 @@ +CVE-2026-5325 (A vulnerability was determined in SourceCodester Simple Customer Relat ...) + TODO: check +CVE-2026-5323 (A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vul ...) + TODO: check +CVE-2026-5322 (A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc5 ...) + TODO: check +CVE-2026-5321 (A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this ...) + TODO: check +CVE-2026-5320 (A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected b ...) + TODO: check +CVE-2026-5319 (A security vulnerability has been detected in itsourcecode Payroll Man ...) + TODO: check +CVE-2026-5318 (A weakness has been identified in LibRaw up to 0.22.0. This impacts th ...) + TODO: check +CVE-2026-5317 (A security flaw has been discovered in Nothings stb up to 1.22. This a ...) + TODO: check +CVE-2026-5316 (A vulnerability was identified in Nothings stb up to 1.22. The impacte ...) + TODO: check +CVE-2026-5315 (A vulnerability was determined in Nothings stb up to 1.26. The affecte ...) + TODO: check +CVE-2026-5314 (A vulnerability was found in Nothings stb up to 1.26. Impacted is the ...) + TODO: check +CVE-2026-5313 (A vulnerability has been found in Nothings stb up to 2.30. This issue ...) + TODO: check +CVE-2026-5312 (A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, ...) + TODO: check +CVE-2026-5311 (A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-3 ...) + TODO: check +CVE-2026-4820 (IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the ...) + TODO: check +CVE-2026-4759 + REJECTED +CVE-2026-4364 (IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Secur ...) + TODO: check +CVE-2026-4347 (The MW WP Form plugin for WordPress is vulnerable to arbitrary file mo ...) + TODO: check +CVE-2026-4101 (IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Secur ...) 
+ TODO: check +CVE-2026-3987 (A path traversal vulnerability in the Fireware OS Web UI on WatchGuard ...) + TODO: check +CVE-2026-3882 + REJECTED +CVE-2026-34873 (An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impers ...) + TODO: check +CVE-2026-34872 (An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and ...) + TODO: check +CVE-2026-34750 (Payload is a free and open source headless content management system. ...) + TODO: check +CVE-2026-34749 (Payload is a free and open source headless content management system. ...) + TODO: check +CVE-2026-34748 (Payload is a free and open source headless content management system. ...) + TODO: check +CVE-2026-34747 (Payload is a free and open source headless content management system. ...) + TODO: check +CVE-2026-34746 (Payload is a free and open source headless content management system. ...) + TODO: check +CVE-2026-34572 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...) + TODO: check +CVE-2026-34571 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...) + TODO: check +CVE-2026-34570 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...) + TODO: check +CVE-2026-34569 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...) + TODO: check +CVE-2026-34568 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...) + TODO: check +CVE-2026-34567 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...) + TODO: check +CVE-2026-34566 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...) + TODO: check +CVE-2026-34565 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...) + TODO: check +CVE-2026-34564 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...) + TODO: check +CVE-2026-34563 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...) 
+ TODO: check +CVE-2026-34562 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...) + TODO: check +CVE-2026-34561 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...) + TODO: check +CVE-2026-34560 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...) + TODO: check +CVE-2026-34559 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...) + TODO: check +CVE-2026-34545 (OpenEXR provides the speci
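Review bot: the five Nothings stb entries in this hunk (CVE-2026-5313 to CVE-2026-5317) cite three different upper versions, "up to 1.22", "up to 1.26" and "up to 2.30", and the truncated descriptions do not say which part of stb each one concerns. When these move off TODO: check, add a NOTE naming the affected file for each, so the version bound is compared against the right component.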
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4e337440 by security tracker role at 2026-04-01T19:13:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
The diff for this file was not included because it is too large.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e33744062ee83748f901ad05212771ba976e3e8
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8e6a7e03 by security tracker role at 2026-04-01T07:13:53+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,511 @@ +CVE-2026-5258 (A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the fu ...) + TODO: check +CVE-2026-5257 (A vulnerability has been found in code-projects Simple Laundry System ...) + TODO: check +CVE-2026-5256 (A flaw has been found in code-projects Simple Laundry System 1.0. This ...) + TODO: check +CVE-2026-5255 (A vulnerability was detected in code-projects Simple Laundry System 1. ...) + TODO: check +CVE-2026-5254 (A security vulnerability has been detected in welovemedia FFmate up to ...) + TODO: check +CVE-2026-5253 (A weakness has been identified in bufanyun HotGo 1.0/2.0. Affected by ...) + TODO: check +CVE-2026-5252 (A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected ...) + TODO: check +CVE-2026-5251 (A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts a ...) + TODO: check +CVE-2026-5249 (A vulnerability was found in gougucms 4.08.18. This impacts an unknown ...) + TODO: check +CVE-2026-5248 (A vulnerability has been found in gougucms 4.08.18. This affects the f ...) + TODO: check +CVE-2026-5240 (A security vulnerability has been detected in code-projects BloodBank ...) + TODO: check +CVE-2026-5238 (A weakness has been identified in itsourcecode Payroll Management Syst ...) + TODO: check +CVE-2026-5237 (A security flaw has been discovered in itsourcecode Payroll Management ...) + TODO: check +CVE-2026-5236 (A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Af ...) + TODO: check +CVE-2026-5235 (A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. Th ...) + TODO: check +CVE-2026-5215 (A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, ...) + TODO: check +CVE-2026-5214 (A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-3 ...) + TODO: check +CVE-2026-5213 (A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, ...) 
+ TODO: check +CVE-2026-5212 (A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, ...) + TODO: check +CVE-2026-5211 (A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, ...) + TODO: check +CVE-2026-5210 (A vulnerability was detected in SourceCodester Leave Application Syste ...) + TODO: check +CVE-2026-5209 (A security vulnerability has been detected in SourceCodester Leave App ...) + TODO: check +CVE-2026-5206 (A security vulnerability has been detected in code-projects Simple Gym ...) + TODO: check +CVE-2026-5205 (A vulnerability was identified in chatwoot up to 4.11.2. Affected by t ...) + TODO: check +CVE-2026-5204 (A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the ...) + TODO: check +CVE-2026-5203 (A vulnerability was found in CMS Made Simple up to 2.2.22. This impact ...) + TODO: check +CVE-2026-5201 (A flaw was found in the gdk-pixbuf library. This heap-based buffer ove ...) + TODO: check +CVE-2026-5198 (A vulnerability was determined in code-projects Student Membership Sys ...) + TODO: check +CVE-2026-5197 (A vulnerability was found in code-projects Student Membership System 1 ...) + TODO: check +CVE-2026-5196 (A vulnerability has been found in code-projects Student Membership Sys ...) + TODO: check +CVE-2026-5195 (A flaw has been found in code-projects Student Membership System 1.0. ...) + TODO: check +CVE-2026-5190 (Out-of-bounds write in the streaming decoder component in aws-c-event- ...) + TODO: check +CVE-2026-5186 (A weakness has been identified in Nothings stb up to 2.30. This impact ...) + TODO: check +CVE-2026-4947 (Addressed a potential insecure direct object reference (IDOR) vulnerab ...) + TODO: check +CVE-2026-4819 (In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging ...) + TODO: check +CVE-2026-4818 (In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an i ...) 
+ TODO: check +CVE-2026-4800 (Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHS ...) + TODO: check +CVE-2026-4799 (In Search Guard FLX up to version 4.0.1, it is possible to use special ...) + TODO: check +CVE-2026-4748 (A regression in the way hashes were calculated caused rules containing ...) + TODO: check +CVE-2026-4668 (The Booking for Appointments and Events Calendar - Amelia plugin for W ...) + TODO: check +CVE-2026-4400 (Insecure Direct Object Reference (IDOR) vulnerability in 1millionbot M ...) + TODO: check +CVE-2026-4399
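Review bot: CVE-2026-4800 is described as following from an earlier fix ("Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHS ...)"), yet it is added with a bare TODO: check like every other entry in the hunk. Resolve it against the same source package as the CVE-2021-23337 entry and add a NOTE pointing at that CVE, so a version already marked fixed for the older issue gets rechecked.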
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ede2c45d by security tracker role at 2026-03-31T07:13:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,157 @@ +CVE-2026-5185 (A security flaw has been discovered in Nothings stb_image up to 2.30. ...) + TODO: check +CVE-2026-5184 (A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The i ...) + TODO: check +CVE-2026-5183 (A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The a ...) + TODO: check +CVE-2026-5182 (A vulnerability was found in SourceCodester Teacher Record System 1.0. ...) + TODO: check +CVE-2026-5181 (A vulnerability has been found in SourceCodester Simple Doctors Appoin ...) + TODO: check +CVE-2026-5180 (A flaw has been found in SourceCodester Simple Doctors Appointment Sys ...) + TODO: check +CVE-2026-5179 (A vulnerability was detected in SourceCodester Simple Doctors Appointm ...) + TODO: check +CVE-2026-5178 (A security vulnerability has been detected in Totolink A3300R 17.0.0cu ...) + TODO: check +CVE-2026-5177 (A weakness has been identified in Totolink A3300R 17.0.0cu.557_b202210 ...) + TODO: check +CVE-2026-5176 (A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b2 ...) + TODO: check +CVE-2026-5157 (A vulnerability was identified in code-projects Online Food Ordering S ...) + TODO: check +CVE-2026-5156 (A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the ...) + TODO: check +CVE-2026-5155 (A vulnerability was found in Tenda CH22 1.0.0.1. This affects the func ...) + TODO: check +CVE-2026-5154 (A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacte ...) + TODO: check +CVE-2026-5153 (A flaw has been found in Tenda CH22 1.0.0.1. The affected element is t ...) + TODO: check +CVE-2026-5152 (A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the fu ...) + TODO: check +CVE-2026-5150 (A security vulnerability has been detected in code-projects Accounting ...) + TODO: check +CVE-2026-5148 (A weakness has been identified in YunaiV yudao-cloud up to 2026.01. Th ...) 
+ TODO: check +CVE-2026-5130 (The Debugger & Troubleshooter plugin for WordPress was vulnerable to U ...) + TODO: check +CVE-2026-5115 (The PaperCut NG/MF (specifically, the embedded application for Konica ...) + TODO: check +CVE-2026-4794 (Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF ...) + TODO: check +CVE-2026-4789 (Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unre ...) + TODO: check +CVE-2026-4257 (The Contact Form by Supsystic plugin for WordPress is vulnerable to Se ...) + TODO: check +CVE-2026-4146 (The Loco Translate plugin for WordPress is vulnerable to Reflected Cro ...) + TODO: check +CVE-2026-4020 (The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Infor ...) + TODO: check +CVE-2026-3881 (The Performance Monitor WordPress plugin through 1.0.6 does not valida ...) + TODO: check +CVE-2026-3300 (The Everest Forms Pro plugin for WordPress is vulnerable to Remote Cod ...) + TODO: check +CVE-2026-34881 (OpenStack Glance <29.1.1, >=30.0.0 <30.1.1, ==31.0.0 is affected by Se ...) + TODO: check +CVE-2026-34558 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...) + TODO: check +CVE-2026-34557 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...) + TODO: check +CVE-2026-34073 (cryptography is a package designed to expose cryptographic primitives ...) + TODO: check +CVE-2026-34070 (LangChain is a framework for building agents and LLM-powered applicati ...) + TODO: check +CVE-2026-34060 (Ruby LSP is an implementation of the language server protocol for Ruby ...) + TODO: check +CVE-2026-34054 (vcpkg is a free and open-source C/C++ package manager. Prior to versio ...) + TODO: check +CVE-2026-34043 (Serialize JavaScript to a superset of JSON that includes regular expre ...) + TODO: check +CVE-2026-34042 (act is a project which allows for local running of github actions. Pri ...) 
+ TODO: check +CVE-2026-34041 (act is a project which allows for local running of github actions. Pri ...) + TODO: check +CVE-2026-34040 (Moby is an open source container framework. Prior to version 29.3.1, a ...) + TODO: check +CVE-2026-34036 (Dolibarr is an enterprise resource planning (ERP) and customer relatio ...) + TODO: check +CVE-2026-33997 (Moby is an open source container framework. Prior to version 29.3.1, a ...) + TODO: check +CVE-2026-33026 (Nginx UI is a web user interface for the Nginx web server. Prior to ve ...) + TODO: check +
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
18bc31ec by security tracker role at 2026-03-30T19:14:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,165 @@ +CVE-2026-5170 (A user with access to the cluster with a limited set of privilege acti ...) + TODO: check +CVE-2026-5165 (A flaw was found in virtio-win, specifically within the VirtIO Block ( ...) + TODO: check +CVE-2026-5164 (A flaw was found in virtio-win. The `RhelDoUnMap()` function does not ...) + TODO: check +CVE-2026-5147 (A security flaw has been discovered in YunaiV yudao-cloud up to 2026.0 ...) + TODO: check +CVE-2026-5128 (A sensitive information exposure vulnerability exists in ArthurFiorett ...) + TODO: check +CVE-2026-5126 (A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected ...) + TODO: check +CVE-2026-5125 (A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Aff ...) + TODO: check +CVE-2026-5124 (A security vulnerability has been detected in osrg GoBGP up to 4.3.0. ...) + TODO: check +CVE-2026-5123 (A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts ...) + TODO: check +CVE-2026-5122 (A security flaw has been discovered in osrg GoBGP up to 4.3.0. This af ...) + TODO: check +CVE-2026-5121 (A flaw was found in libarchive. On 32-bit systems, an integer overflow ...) + TODO: check +CVE-2026-4425 + REJECTED +CVE-2026-4416 (The Performance Library component of Gigabyte Control Center has an In ...) + TODO: check +CVE-2026-4415 (Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Wr ...) + TODO: check +CVE-2026-4315 (A Cross-Site Request Forgery (CSRF) vulnerability in the WatchGuard Fi ...) + TODO: check +CVE-2026-4266 (An Insecure Deserialization vulnerability in WatchGuard Fireware OS al ...) + TODO: check +CVE-2026-4046 (The iconv() function in the GNU C Library versions 2.43 and earlier ma ...) + TODO: check +CVE-2026-3991 (Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16. ...) + TODO: check +CVE-2026-3945 (An integer overflow vulnerability in the HTTP chunked transfer encodin ...) 
+ TODO: check +CVE-2026-3502 (TrueConf Client downloads application update code and applies it witho ...) + TODO: check +CVE-2026-3321 (A vulnerability of authorization bypass through user-controlled key in ...) + TODO: check +CVE-2026-34714 (Vim before 9.2.0272 allows code execution that happens immediately upo ...) + TODO: check +CVE-2026-34472 (Unauthenticated credential disclosure in the wizard interface in ZTE Z ...) + TODO: check +CVE-2026-33643 (SQL Injection vulnerability in SchemaHero 0.23.0 via the column parame ...) + TODO: check +CVE-2026-33373 (An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A ...) + TODO: check +CVE-2026-33032 (Nginx UI is a web user interface for the Nginx web server. In versions ...) + TODO: check +CVE-2026-33030 (Nginx UI is a web user interface for the Nginx web server. In versions ...) + TODO: check +CVE-2026-33029 (Nginx UI is a web user interface for the Nginx web server. Prior to ve ...) + TODO: check +CVE-2026-33028 (Nginx UI is a web user interface for the Nginx web server. Prior to ve ...) + TODO: check +CVE-2026-33027 (Nginx UI is a web user interface for the Nginx web server. Prior to ve ...) + TODO: check +CVE-2026-30566 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...) + TODO: check +CVE-2026-30565 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...) + TODO: check +CVE-2026-30564 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...) + TODO: check +CVE-2026-30563 (A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCode ...) + TODO: check +CVE-2026-30562 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...) + TODO: check +CVE-2026-30561 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...) + TODO: check +CVE-2026-30560 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...) 
+ TODO: check +CVE-2026-30559 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...) + TODO: check +CVE-2026-30558 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...) + TODO: check +CVE-2026-30557 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...) + TODO: check +CVE-2026-30556 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...) + TODO: check +CVE-2026-30082 (Multiple stored cross-site scripting (XSS) vulnerabilities
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b2c7cef1 by security tracker role at 2026-03-30T07:14:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,29 @@
+CVE-2026-5119 (A flaw was found in libsoup. When establishing HTTPS tunnels
through a ...)
+ TODO: check
+CVE-2026-5107 (A vulnerability has been found in FRRouting FRR up to 10.5.1.
This aff ...)
+ TODO: check
+CVE-2026-5106 (A flaw has been found in code-projects Exam Form Submission
1.0. The i ...)
+ TODO: check
+CVE-2026-5105 (A vulnerability was detected in Totolink A3300R
17.0.0cu.557_b20221024 ...)
+ TODO: check
+CVE-2026-5104 (A security vulnerability has been detected in Totolink A3300R
17.0.0cu ...)
+ TODO: check
+CVE-2026-5103 (A weakness has been identified in Totolink A3300R
17.0.0cu.557_b202210 ...)
+ TODO: check
+CVE-2026-5102 (A security flaw has been discovered in Totolink A3300R
17.0.0cu.557_b2 ...)
+ TODO: check
+CVE-2026-5101 (A vulnerability was identified in Totolink A3300R
17.0.0cu.557_b202210 ...)
+ TODO: check
+CVE-2026-4946 (Ghidra versions prior to 12.0.3 improperly process annotation
directiv ...)
+ TODO: check
+CVE-2026-3124 (The Download Monitor plugin for WordPress is vulnerable to
Insecure Di ...)
+ TODO: check
+CVE-2026-2370 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
+ TODO: check
+CVE-2025-7741 (Hardcoded Password Vulnerability have been found in
CENTUM.Affected pr ...)
+ TODO: check
+CVE-2025-15036 (A path traversal vulnerability exists in the
`extract_archive_to_dir` ...)
+ TODO: check
CVE-2026-33691 [Whitespace padding in filenames bypasses file upload extension
checks]
- modsecurity-crs 3.3.9-1
NOTE:
https://github.com/coreruleset/coreruleset/security/advisories/GHSA-rw5f-9w43-gv2w
@@ -10443,6 +10469,7 @@ CVE-2026-2923 (GStreamer DVB Subtitles Out-Of-Bounds
Write Remote Code Execution
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/db222d6d7971100a8ba60bd5d10a2233a38ebc46
(1.24 branch)
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/6aa055e9606104be1f095896d0b292b06dfb8dd9
(1.24 branch)
CVE-2026-2920 (GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code
Execution ...)
+ {DLA-4516-1}
- gst-plugins-ugly1.0 1.28.1-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0006.html
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/37d7991168a223d0810fd1f4493ec6a8b6a510d3
(main)
@@ -10450,6 +10477,7 @@ CVE-2026-2920 (GStreamer ASF Demuxer Heap-based Buffer
Overflow Remote Code Exec
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3dc4244f030a0af077b9f87fd8ad50d4032428ef
(1.26.11)
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/9f9d1f664546d99e5ca0c3ced216e76dd08b409f
(1.24 branch)
CVE-2026-2922 (GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code
Execution ...)
+ {DLA-4516-1}
- gst-plugins-ugly1.0 1.28.1-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0005.html
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8a17c9d183ca3cfb5e97ae3b3f344ba79f8859df
(main)
@@ -12934,7 +12962,7 @@ CVE-2026-2219 (It was discovered that dpkg-deb (a
component of dpkg, the Debian
[bullseye] - dpkg (Vulnerable code introduced later)
NOTE: Introduced with:
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=2c2f7066bd8c3209762762fa6905fa567b08ca5a
(1.21.18)
NOTE: Fixed by:
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=6610297a62c0780dd0e80b0e302ef64fdcc9d313
(1.23.6)
-CVE-2026-4176
+CVE-2026-4176 (Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before
5.42.2- ...)
- perl 5.10.0-21
NOTE: https://lists.security.metacpan.org/cve-announce/msg/38393284/
NOTE: Since perl/5.10.0-20 (in experimental) the packaging uses the
system zlib library.
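Review bot: In the CVE-2026-4176 entry the fixed version and the NOTE do not line up at first read. The package line records "- perl 5.10.0-21", while the NOTE says the packaging has used the system zlib library since perl/5.10.0-20 (in experimental). If 5.10.0-21 is recorded because 5.10.0-20 never left experimental, add that reason to the NOTE so the one-revision gap is not mistaken for a typo.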
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2c7cef1d36edf9d71a27b8519f9c333d23d0c54
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dcec973b by security tracker role at 2026-03-29T19:13:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,4 +1,66 @@
-CVE-2026-23400 [rust_binder: call set_notification_done() without proc lock]
+CVE-2026-5046 (A flaw has been found in Tenda FH1201 1.2.0.14(408). Affected
is the f ...)
+ TODO: check
+CVE-2026-5045 (A vulnerability was detected in Tenda FH1201 1.2.0.14(408).
This impac ...)
+ TODO: check
+CVE-2026-5044 (A security vulnerability has been detected in Belkin F9K1122
1.00.33. ...)
+ TODO: check
+CVE-2026-5043 (A weakness has been identified in Belkin F9K1122 1.00.33. The
impacted ...)
+ TODO: check
+CVE-2026-5042 (A security flaw has been discovered in Belkin F9K1122 1.00.33.
The aff ...)
+ TODO: check
+CVE-2026-5041 (A vulnerability was identified in code-projects Chamber of
Commerce Me ...)
+ TODO: check
+CVE-2026-5037 (A vulnerability was determined in mxml up to 4.0.4. This issue
affects ...)
+ TODO: check
+CVE-2026-5036 (A vulnerability was found in Tenda 4G06 04.06.01.29. This
vulnerabilit ...)
+ TODO: check
+CVE-2026-34005 (In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P)
4.03.R11 ...)
+ TODO: check
+CVE-2026-33575 (OpenClaw before 2026.3.12 embeds long-lived shared gateway
credentials ...)
+ TODO: check
+CVE-2026-33574 (OpenClaw before 2026.3.8 contains a path traversal
vulnerability in th ...)
+ TODO: check
+CVE-2026-33573 (OpenClaw before 2026.3.11 contains an authorization bypass
vulnerabili ...)
+ TODO: check
+CVE-2026-33572 (OpenClaw before 2026.2.17 creates session transcript JSONL
files with ...)
+ TODO: check
+CVE-2026-32987 (OpenClaw before 2026.3.13 allows bootstrap setup codes to be
replayed ...)
+ TODO: check
+CVE-2026-32980 (OpenClaw before 2026.3.13 reads and buffers Telegram webhook
request b ...)
+ TODO: check
+CVE-2026-32979 (OpenClaw before 2026.3.11 contains an approval integrity
vulnerability ...)
+ TODO: check
+CVE-2026-32978 (OpenClaw before 2026.3.11 contains an approval integrity
vulnerability ...)
+ TODO: check
+CVE-2026-32975 (OpenClaw before 2026.3.12 contains a weak authorization
vulnerability ...)
+ TODO: check
+CVE-2026-32974 (OpenClaw before 2026.3.12 contains an authentication bypass
vulnerabil ...)
+ TODO: check
+CVE-2026-32973 (OpenClaw before 2026.3.11 contains an exec allowlist bypass
vulnerabil ...)
+ TODO: check
+CVE-2026-32972 (OpenClaw before 2026.3.11 contains an authorization bypass
vulnerabili ...)
+ TODO: check
+CVE-2026-32924 (OpenClaw before 2026.3.12 contains an authorization bypass
vulnerabili ...)
+ TODO: check
+CVE-2026-32923 (OpenClaw before 2026.3.11 contains an authorization bypass
vulnerabili ...)
+ TODO: check
+CVE-2026-32922 (OpenClaw before 2026.3.11 contains a privilege escalation
vulnerabilit ...)
+ TODO: check
+CVE-2026-32919 (OpenClaw before 2026.3.11 contains an authorization bypass
vulnerabili ...)
+ TODO: check
+CVE-2026-32918 (OpenClaw before 2026.3.11 contains a session sandbox escape
vulnerabil ...)
+ TODO: check
+CVE-2026-32915 (OpenClaw before 2026.3.11 contains a sandbox boundary bypass
vulnerabi ...)
+ TODO: check
+CVE-2026-32914 (OpenClaw before 2026.3.12 contains an insufficient access
control vuln ...)
+ TODO: check
+CVE-2026-0562 (A critical security vulnerability in parisneo/lollms versions
up to 2. ...)
+ TODO: check
+CVE-2026-0560 (A Server-Side Request Forgery (SSRF) vulnerability exists in
parisneo/ ...)
+ TODO: check
+CVE-2026-0558 (A vulnerability in parisneo/lollms, up to and including version
2.2.0, ...)
+ TODO: check
+CVE-2026-23400 (In the Linux kernel, the following vulnerability has been
resolved: r ...)
- linux 6.19.10-1
[trixie] - linux (Vulnerable code not present)
[bookworm] - linux (Vulnerable code not present)
@@ -843,6 +905,7 @@ CVE-2026-3650 (A memory leak exists in the Grassroots DICOM
library (GDCM). The
CVE-2026-1556 (Information disclosure in the file URI processing of File
(Field) Path ...)
- drupal7
CVE-2026-33542 (Incus is a system container and virtual machine manager. Prior
to vers ...)
+ {DSA-6184-1}
- incus 6.0.6-2
- lxd
NOTE: https://github.com/lxc/incus/pull/3092
@@ -854,11 +917,13 @@ CVE-2026-33711 (Incus is a system container and virtual
machine manager. Incus p
NOTE: Kernel hardening with fs.protected_symlinks protects against
exploiting
NOTE: the issue.
CVE-2026-33743 (Incus is a system container and virtual machine manager. Prior
to vers ...)
+ {DSA-6184-1}
- incus 6.0.6-2
- lxd (Vulnerable code not pre
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4bd586cb by security tracker role at 2026-03-29T07:12:58+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,37 @@
+CVE-2026-5035 (A vulnerability has been found in code-projects Accounting
System 1.0. ...)
+ TODO: check
+CVE-2026-5034 (A flaw has been found in code-projects Accounting System 1.0.
Affected ...)
+ TODO: check
+CVE-2026-5033 (A vulnerability was detected in code-projects Accounting System
1.0. A ...)
+ TODO: check
+CVE-2026-5031 (A vulnerability was found in BichitroGan ISP Billing Software
2025.3.2 ...)
+ TODO: check
+CVE-2026-5030 (A vulnerability has been found in Totolink NR1800X
9.1.0u.6279_B202109 ...)
+ TODO: check
+CVE-2026-5024 (A vulnerability was found in D-Link DIR-513 1.10. This issue
affects t ...)
+ TODO: check
+CVE-2026-5023 (A vulnerability has been found in DeDeveloper23 codebase-mcp up
to 3ec ...)
+ TODO: check
+CVE-2026-5021 (A flaw has been found in Tenda F453 1.0.0.3. This affects the
function ...)
+ TODO: check
+CVE-2026-5020 (A vulnerability was detected in Totolink A3600R
4.1.2cu.5182_B20201102 ...)
+ TODO: check
+CVE-2026-5019 (A security vulnerability has been detected in code-projects
Simple Foo ...)
+ TODO: check
+CVE-2026-5018 (A weakness has been identified in code-projects Simple Food
Order Syst ...)
+ TODO: check
+CVE-2026-5017 (A security flaw has been discovered in code-projects Simple
Food Order ...)
+ TODO: check
+CVE-2026-5016 (A vulnerability was identified in elecV2 elecV2P up to 3.8.3.
This aff ...)
+ TODO: check
+CVE-2026-5015 (A vulnerability was determined in elecV2 elecV2P up to 3.8.3.
The impa ...)
+ TODO: check
+CVE-2026-5014 (A vulnerability was found in elecV2 elecV2P up to 3.8.3. The
affected ...)
+ TODO: check
+CVE-2026-4851 (GRID::Machine versions through 0.127 for Perl allows arbitrary
code ex ...)
+ TODO: check
+CVE-2026-2602 (The Twentig plugin for WordPress is vulnerable to Stored
Cross-Site Sc ...)
+ TODO: check
CVE-2026-5013 (A vulnerability has been found in elecV2 elecV2P up to 3.8.3.
Impacted ...)
NOT-FOR-US: elecV2 elecV2P
CVE-2026-5012 (A flaw has been found in elecV2 elecV2P up to 3.8.3. This issue
affect ...)
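Review bot: CVE-2026-5016, CVE-2026-5015 and CVE-2026-5014 are added with "TODO: check" although the unchanged context directly below already marks CVE-2026-5013, the same product with the same "up to 3.8.3" range, as "NOT-FOR-US: elecV2 elecV2P". The three new entries can take the same NOT-FOR-US line now, which keeps them consistent with their sibling and out of the open TODO queue.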
@@ -926940,6 +926974,7 @@ CVE-2006-10002 (XML::Parser versions through 2.45 for
Perl could overflow the pr
NOTE: Additional improvement:
https://github.com/cpan-authors/XML-Parser/commit/5361c2b7f48599718cdecbe50c5fdd88b28ffd79
(2.48)
NOTE: Issue was originally fixed in 2.34-4.2 but was lost with the
2.40-1 rebases.
CVE-2006-10003 (XML::Parser versions through 2.47 for Perl has an off-by-one
heap buff ...)
+ {DSA-6182-1}
- libxml-parser-perl 2.47-2 (bug #378412; medium)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/38106362/
NOTE: https://rt.cpan.org/Ticket/Display.html?id=19860
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bd586cb5d718b835d41497eeb93f887b500dc7f
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bde25e69 by security tracker role at 2026-03-28T20:13:40+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,6 +1,92 @@ -CVE-2026-3256 +CVE-2026-5013 (A vulnerability has been found in elecV2 elecV2P up to 3.8.3. Impacted ...) + TODO: check +CVE-2026-5012 (A flaw has been found in elecV2 elecV2P up to 3.8.3. This issue affect ...) + TODO: check +CVE-2026-5011 (A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulne ...) + TODO: check +CVE-2026-5007 (A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Aff ...) + TODO: check +CVE-2026-5004 (A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This im ...) + TODO: check +CVE-2026-5003 (A vulnerability was found in PromtEngineer localGPT up to 4d41c7d1713b ...) + TODO: check +CVE-2026-5002 (A vulnerability has been found in PromtEngineer localGPT up to 4d41c7d ...) + TODO: check +CVE-2026-5001 (A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b2 ...) + TODO: check +CVE-2026-5000 (A vulnerability was detected in PromtEngineer localGPT up to 4d41c7d17 ...) + TODO: check +CVE-2026-4999 (A security vulnerability has been detected in z-9527 admin up to 72aaf ...) + TODO: check +CVE-2026-4998 (A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. Th ...) + TODO: check +CVE-2026-4997 (A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0. ...) + TODO: check +CVE-2026-4996 (A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Af ...) + TODO: check +CVE-2026-4995 (A vulnerability was determined in wandb OpenUI up to 1.0. Affected by ...) + TODO: check +CVE-2026-4994 (A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected ...) + TODO: check +CVE-2026-4993 (A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This ...) + TODO: check +CVE-2026-2595 (The Quads Ads Manager for Google AdSense plugin for WordPress is vulne ...) + TODO: check +CVE-2026-2442 (The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugi ...) 
+ TODO: check +CVE-2025-9497 (Use of Hard-coded Credentials vulnerability in Microchip Time Provider ...) + TODO: check +CVE-2018-25225 (SIPP 3.3 contains a stack-based buffer overflow vulnerability that all ...) + TODO: check +CVE-2018-25224 (PMS 0.42 contains a stack-based buffer overflow vulnerability that all ...) + TODO: check +CVE-2018-25223 (Crashmail 1.6 contains a stack-based buffer overflow vulnerability tha ...) + TODO: check +CVE-2018-25222 (SC v7.16 contains a stack-based buffer overflow vulnerability that all ...) + TODO: check +CVE-2018-25221 (EChat Server 3.1 contains a buffer overflow vulnerability in the chat. ...) + TODO: check +CVE-2018-25220 (Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that ...) + TODO: check +CVE-2017-20229 (MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnera ...) + TODO: check +CVE-2017-20228 (Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerab ...) + TODO: check +CVE-2017-20227 (JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buf ...) + TODO: check +CVE-2017-20226 (Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability tha ...) + TODO: check +CVE-2017-20225 (TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerabil ...) + TODO: check +CVE-2016-20049 (JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vul ...) + TODO: check +CVE-2016-20048 (iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that ...) + TODO: check +CVE-2016-20047 (EKG Gadu 1.9~pre+r2855-3+b1 contains a local buffer overflow vulnerabi ...) + TODO: check +CVE-2016-20046 (zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerabilit ...) + TODO: check +CVE-2016-20045 (HNB Organizer 1.9.18-10 contains a local buffer overflow vulnerability ...) + TODO: check +CVE-2016-20044 (PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that al ...) 
+ TODO: check +CVE-2016-20043 (NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability ...) + TODO: check +CVE-2016-20042 (TRN 3.6-23 contains a stack buffer overflow vulnerability that allows ...) + TODO: check +CVE-2016-20041 (Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows loca ...) + TODO: check +CVE-2016-20040 (TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in th ...) + TODO: check +CVE-2016-20039 (Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulne ...)
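Review bot: The CVE-2016-200xx to CVE-2018-252xx block should be triaged ahead of the other "TODO: check" entries in this update, because several of its descriptions quote Debian-style package versions, for example "iSelect 1.4.0-2+b1", "EKG Gadu 1.9~pre+r2855-3+b1", "zFTP Client 20061220+dfsg3-4.1" and "TiEmu 3.03-nogdb+dfsg-3". Revisions of the form "+b1" and "+dfsg" point at packages built for the archive, so each of these entries most likely needs a package line with a per-release status rather than a NOT-FOR-US marker.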
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e43e2d9e by security tracker role at 2026-03-28T08:13:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,83 +1,659 @@
-CVE-2026-33375
+CVE-2026-5027 (The 'POST /api/v2/files' endpoint does not sanitize the
'filename' par ...)
+ TODO: check
+CVE-2026-5026 (The '/api/v1/files/images/{flow_id}/{file_name}' endpoint
serves SVG f ...)
+ TODO: check
+CVE-2026-5025 (The '/logs' and '/logs-stream' endpoints in the log router
allow any a ...)
+ TODO: check
+CVE-2026-5022 (The '/api/v1/files/images/{flow_id}/{file_name}' endpoint does
not enf ...)
+ TODO: check
+CVE-2026-5010 (A reflected Cross-Site Scripting (XSS) vulnerability has been
discover ...)
+ TODO: check
+CVE-2026-4992 (A flaw has been found in wandb OpenUI up to 1.0. This affects
the func ...)
+ TODO: check
+CVE-2026-4991 (A vulnerability was detected in QDOCS Smart School Management
System u ...)
+ TODO: check
+CVE-2026-4990 (A security vulnerability has been detected in chatwoot up to
4.11.1. T ...)
+ TODO: check
+CVE-2026-4988 (A security flaw has been discovered in Open5GS 2.7.6. This
issue affec ...)
+ TODO: check
+CVE-2026-4987 (The SureForms \u2013 Contact Form, Payment Form & Other Custom
Form Bu ...)
+ TODO: check
+CVE-2026-4985 (A vulnerability was identified in dloebl CGIF up to 0.5.2. This
vulner ...)
+ TODO: check
+CVE-2026-4984 (The Twilio integration webhook handler accepts any POST request
withou ...)
+ TODO: check
+CVE-2026-4982 (A user with permission "update world" in any Venueless world is
able t ...)
+ TODO: check
+CVE-2026-4980 (A local file disclosure vulnerability in the XInclude
processing compo ...)
+ TODO: check
+CVE-2026-4976 (A vulnerability was found in Totolink LR350
9.3.5u.6369_B20220309. Thi ...)
+ TODO: check
+CVE-2026-4975 (A vulnerability has been found in Tenda AC15 15.03.05.19. This
affects ...)
+ TODO: check
+CVE-2026-4974 (A flaw has been found in Tenda AC7 15.03.06.44. Affected by
this issue ...)
+ TODO: check
+CVE-2026-4973 (A vulnerability was detected in SourceCodester Online Quiz
System up t ...)
+ TODO: check
+CVE-2026-4972 (A security vulnerability has been detected in code-projects
Online Rev ...)
+ TODO: check
+CVE-2026-4971 (A weakness has been identified in SourceCodester Note Taking
App up to ...)
+ TODO: check
+CVE-2026-4970 (A security flaw has been discovered in code-projects Social
Networking ...)
+ TODO: check
+CVE-2026-4969 (A vulnerability was identified in code-projects Social
Networking Site ...)
+ TODO: check
+CVE-2026-4968 (A vulnerability was determined in SourceCodester Diary App 1.0.
The af ...)
+ TODO: check
+CVE-2026-4966 (A flaw has been found in itsourcecode Free Hotel Reservation
System 1. ...)
+ TODO: check
+CVE-2026-4965 (A vulnerability was detected in letta-ai letta 0.16.4. This
issue affe ...)
+ TODO: check
+CVE-2026-4964 (A security vulnerability has been detected in letta-ai letta
0.16.4. T ...)
+ TODO: check
+CVE-2026-4963 (A weakness has been identified in huggingface smolagents
1.25.0.dev0. ...)
+ TODO: check
+CVE-2026-4962 (A security flaw has been discovered in UltraVNC up to 1.6.4.0.
Affecte ...)
+ TODO: check
+CVE-2026-4961 (A vulnerability was identified in Tenda AC6 15.03.05.16.
Affected by t ...)
+ TODO: check
+CVE-2026-4960 (A vulnerability was determined in Tenda AC6 15.03.05.16.
Affected is t ...)
+ TODO: check
+CVE-2026-4959 (A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts
the fu ...)
+ TODO: check
+CVE-2026-4958 (A vulnerability has been found in OpenBMB XAgent 1.0.0. This
affects t ...)
+ TODO: check
+CVE-2026-4957 (A flaw has been found in OpenBMB XAgent 1.0.0. The impacted
element is ...)
+ TODO: check
+CVE-2026-4956 (A vulnerability was detected in Shenzhen Ruiming Technology
Streamax C ...)
+ TODO: check
+CVE-2026-4955 (A vulnerability was found in Shenzhen Ruiming Technology
Streamax Croc ...)
+ TODO: check
+CVE-2026-4954 (A security vulnerability has been detected in mingSoft MCMS up
to 5.5. ...)
+ TODO: check
+CVE-2026-4953 (A weakness has been identified in mingSoft MCMS up to 5.5.0.
This issu ...)
+ TODO: check
+CVE-2026-4933 (Incorrect Authorization vulnerability in Drupal Unpublished
Node Permi ...)
+ TODO: check
+CVE-2026-4910 (A security vulnerability has been detected in Shenzhen Ruiming
Technol ...)
+ TODO: check
+CVE-2026-4909 (A weakness has been identified in code-projects Exam Form
Submission 1 ...)
+ TODO: check
+CVE-2026-4908 (A security flaw has been discovered in code-projects Simple
Laundry Sy ...)
+ TODO: chec
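Review bot: CVE-2026-5027, CVE-2026-5026, CVE-2026-5025 and CVE-2026-5022 cannot be triaged from what this hunk records: their truncated descriptions open with an endpoint ('POST /api/v2/files', '/api/v1/files/images/{flow_id}/{file_name}', '/logs' and '/logs-stream') and never name the product. CVE-2026-4984 ("The Twilio integration webhook handler ...") has the same gap. Whoever resolves these "TODO: check" lines needs the product from the full CVE record before choosing between a package line and NOT-FOR-US.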
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 92e6c954 by security tracker role at 2026-03-26T20:15:49+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,13 +1,325 @@ -CVE-2026-23398 [icmp: fix NULL pointer dereference in icmp_tag_validation()] +CVE-2026-4926 (Impact: A bad regular expression is generated any time you have multi ...) + TODO: check +CVE-2026-4923 (Impact: When using multiple wildcards, combined with at least one par ...) + TODO: check +CVE-2026-4897 (A flaw was found in polkit. A local user can exploit this by providing ...) + TODO: check +CVE-2026-4887 (A flaw was found in GIMP. This issue is a heap buffer over-read in GIM ...) + TODO: check +CVE-2026-4877 (A security flaw has been discovered in itsourcecode Payroll Management ...) + TODO: check +CVE-2026-4876 (A vulnerability was identified in itsourcecode Free Hotel Reservation ...) + TODO: check +CVE-2026-4875 (A vulnerability was determined in itsourcecode Free Hotel Reservation ...) + TODO: check +CVE-2026-4867 (Impact: A bad regular expression is generated any time you have three ...) + TODO: check +CVE-2026-4862 (A security vulnerability has been detected in UTT HiPER 1250GW up to 3 ...) + TODO: check +CVE-2026-4861 (A weakness has been identified in Wavlink WL-NU516U1 260227. This vuln ...) + TODO: check +CVE-2026-4860 (A security flaw has been discovered in 648540858 wvp-GB28181-pro up to ...) + TODO: check +CVE-2026-4809 (plank/laravel-mediable through version 6.4.0 can allow upload of a dan ...) + TODO: check +CVE-2026-4274 (Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 1 ...) + TODO: check +CVE-2026-4263 (Vulnerability of incorrect authorization inHiJiffy Chatbot allows an a ...) + TODO: check +CVE-2026-4262 (Vulnerability of incorrect authorization inHiJiffy Chatbot allows an a ...) + TODO: check +CVE-2026-3116 (Mattermost Plugins versions <=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fai ...) + TODO: check +CVE-2026-3115 (Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 1 ...) + TODO: check +CVE-2026-3114 (Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2 ...) 
+ TODO: check +CVE-2026-3113 (Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2 ...) + TODO: check +CVE-2026-3112 (Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2 ...) + TODO: check +CVE-2026-3109 (Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate webhook ...) + TODO: check +CVE-2026-3108 (Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 1 ...) + TODO: check +CVE-2026-34071 (Stirling-PDF is a locally hosted web application that allows you to pe ...) + TODO: check +CVE-2026-33732 (srvx is a universal server based on web standards. Prior to version 0. ...) + TODO: check +CVE-2026-33632 (ClearanceKit intercepts file-system access events on macOS and enforce ...) + TODO: check +CVE-2026-33631 (ClearanceKit intercepts file-system access events on macOS and enforce ...) + TODO: check +CVE-2026-33536 (ImageMagick is free and open-source software used for editing and mani ...) + TODO: check +CVE-2026-33535 (ImageMagick is free and open-source software used for editing and mani ...) + TODO: check +CVE-2026-33532 (`yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML ...) + TODO: check +CVE-2026-33531 (InvenTree is an Open Source Inventory Management System. Prior to vers ...) + TODO: check +CVE-2026-33530 (InvenTree is an Open Source Inventory Management System. Prior to vers ...) + TODO: check +CVE-2026-33529 (Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Pr ...) + TODO: check +CVE-2026-33528 (GoDoxy is a reverse proxy and container orchestrator for self-hosters. ...) + TODO: check +CVE-2026-33525 (Authelia is an open-source authentication and authorization server pro ...) + TODO: check +CVE-2026-33506 (Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML ...) + TODO: check +CVE-2026-33505 (Ory Keto is am open source authorization server for managing permissio ...) 
+ TODO: check +CVE-2026-33504 (Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to ...) + TODO: check +CVE-2026-33503 (Ory Kratos is an identity, user management and authentication system f ...) + TODO: check +CVE-2026-33496 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control ...) + TODO: check +CVE-2026-33495 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control ...) + TODO: check +CVE-2026-33494 (ORY Oathkeeper
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5ab4cc6c by security tracker role at 2026-03-26T08:13:06+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,209 @@ +CVE-2026-4874 (A flaw was found in Keycloak. An authenticated attacker can perform Se ...) + TODO: check +CVE-2026-4850 (A security flaw has been discovered in code-projects Simple Laundry Sy ...) + TODO: check +CVE-2026-4849 (A vulnerability was identified in code-projects Simple Laundry System ...) + TODO: check +CVE-2026-4848 (A vulnerability was determined in dameng100 muucmf 1.9.5.20260309. Thi ...) + TODO: check +CVE-2026-4847 (A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impa ...) + TODO: check +CVE-2026-4846 (A vulnerability has been found in dameng100 muucmf 1.9.5.20260309. The ...) + TODO: check +CVE-2026-4845 (A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is ...) + TODO: check +CVE-2026-4844 (A vulnerability was detected in code-projects Online Food Ordering Sys ...) + TODO: check +CVE-2026-4842 (A security vulnerability has been detected in itsourcecode Online Enro ...) + TODO: check +CVE-2026-4841 (A weakness has been identified in code-projects Online Food Ordering S ...) + TODO: check +CVE-2026-4840 (A security flaw has been discovered in Netcore Power 15AX up to 3.0.0. ...) + TODO: check +CVE-2026-4839 (A vulnerability has been found in SourceCodester Food Ordering System ...) + TODO: check +CVE-2026-4838 (A flaw has been found in SourceCodester Malawi Online Market 1.0. The ...) + TODO: check +CVE-2026-4836 (A vulnerability was detected in code-projects Accounting System 1.0. T ...) + TODO: check +CVE-2026-4835 (A security vulnerability has been detected in code-projects Accounting ...) + TODO: check +CVE-2026-4833 (A weakness has been identified in Orc discount up to 3.0.1.2. This iss ...) + TODO: check +CVE-2026-4831 (A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted ...) + TODO: check +CVE-2026-4830 (A vulnerability was identified in kalcaddle kodbox 1.64. This issue af ...) 
+ TODO: check +CVE-2026-4826 (A vulnerability was determined in SourceCodester Sales and Inventory S ...) + TODO: check +CVE-2026-4825 (A vulnerability was found in SourceCodester Sales and Inventory System ...) + TODO: check +CVE-2026-4824 (A vulnerability has been found in Enter Software Iperius Backup up to ...) + TODO: check +CVE-2026-4823 (A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Af ...) + TODO: check +CVE-2026-4822 (A vulnerability was detected in Enter Software Iperius Backup bis 8.7. ...) + TODO: check +CVE-2026-4758 (The WP Job Portal plugin for WordPress is vulnerable to arbitrary file ...) + TODO: check +CVE-2026-4747 (Each RPCSEC_GSS data packet is validated by a routine which checks a s ...) + TODO: check +CVE-2026-4652 (On a system exposing an NVMe/TCP target, a remote client can trigger a ...) + TODO: check +CVE-2026-4484 (The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Esca ...) + TODO: check +CVE-2026-4389 (The DSGVO snippet for Leaflet Map and its Extensions plugin for WordPr ...) + TODO: check +CVE-2026-4335 (The ShortPixel Image Optimizer plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2026-4331 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...) + TODO: check +CVE-2026-4329 (The Blackhole for Bad Bots plugin for WordPress is vulnerable to Store ...) + TODO: check +CVE-2026-4281 (The FormLift for Infusionsoft Web Forms plugin for WordPress is vulner ...) + TODO: check +CVE-2026-4278 (The Simple Download Counter plugin for WordPress is vulnerable to Stor ...) + TODO: check +CVE-2026-4247 (When a challenge ACK is to be sent tcp_respond() constructs and sends ...) + TODO: check +CVE-2026-4075 (The BWL Advanced FAQ Manager Lite plugin for WordPress is vulnerable t ...) + TODO: check +CVE-2026-3328 (The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to ...) 
+ TODO: check +CVE-2026-34056 (OpenEMR is a free and open source electronic health records and medica ...) + TODO: check +CVE-2026-34055 (OpenEMR is a free and open source electronic health records and medica ...) + TODO: check +CVE-2026-34053 (OpenEMR is a free and open source electronic health records and medica ...) + TODO: check +CVE-2026-34051 (OpenEMR is a free and open source electronic health records and medica ...) + TODO: check +CVE-2026-33942 (Saloon is a PHP library that gives users tools to build API integratio ...) + TODO: check +CVE-2026-
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f57ed062 by security tracker role at 2026-03-25T20:13:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,16 +1,710 @@
-CVE-2026-1519 [Excessive NSEC3 iterations cause high CPU load during insecure
delegation validation]
+CVE-2026-4816 (A Reflected Cross Site Scripting (XSS) vulnerability has been
found in ...)
+ TODO: check
+CVE-2026-4815 (A SQL Injection vulnerability has been found in Support Board
v3.7.7. ...)
+ TODO: check
+CVE-2026-4761 (When a certificate and its private key are installed in the
Windows ma ...)
+ TODO: check
+CVE-2026-4760 (From Panorama Web HMI, an attacker can gain read access to
certain Web ...)
+ TODO: check
+CVE-2026-4363 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
+ TODO: check
+CVE-2026-3988 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
+ TODO: check
+CVE-2026-3857 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
+ TODO: check
+CVE-2026-3218 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
+ TODO: check
+CVE-2026-3217 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
+ TODO: check
+CVE-2026-3216 (Server-Side Request Forgery (SSRF) vulnerability in Drupal
Drupal Canv ...)
+ TODO: check
+CVE-2026-3215 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
+ TODO: check
+CVE-2026-3214 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
+ TODO: check
+CVE-2026-3213 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
+ TODO: check
+CVE-2026-3212 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
+ TODO: check
+CVE-2026-3211 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme
Negoti ...)
+ TODO: check
+CVE-2026-3210 (Incorrect Authorization vulnerability in Drupal Material Icons
allows ...)
+ TODO: check
+CVE-2026-3126
+ REJECTED
+CVE-2026-34085 (fontconfig before 2.17.1 has an off-by-one error in allocation
during ...)
+ TODO: check
+CVE-2026-33809 (A maliciously crafted TIFF file can cause image decoding to
attempt to ...)
+ TODO: check
+CVE-2026-33751 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-33749 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-33724 (n8n is an open source workflow automation platform. Prior to
version 2 ...)
+ TODO: check
+CVE-2026-33722 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-33720 (n8n is an open source workflow automation platform. Prior to
version 2 ...)
+ TODO: check
+CVE-2026-33713 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-33696 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-33665 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-33663 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-33660 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-33268 (Nanoleaf Lines 12.3.2 does not authenticate firmware file
uploads. A r ...)
+ TODO: check
+CVE-2026-33247 (NATS-Server is a High-Performance server for NATS.io, a cloud
and edge ...)
+ TODO: check
+CVE-2026-33246 (NATS-Server is a High-Performance server for NATS.io, a cloud
and edge ...)
+ TODO: check
+CVE-2026-33219 (NATS-Server is a High-Performance server for NATS.io, a cloud
and edge ...)
+ TODO: check
+CVE-2026-33218 (NATS-Server is a High-Performance server for NATS.io, a cloud
and edge ...)
+ TODO: check
+CVE-2026-33217 (NATS-Server is a High-Performance server for NATS.io, a cloud
and edge ...)
+ TODO: check
+CVE-2026-33216 (NATS-Server is a High-Performance server for NATS.io, a cloud
and edge ...)
+ TODO: check
+CVE-2026-32573 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2026-32567 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2026-32562 (Missing Authorization vulnerability in WP Folio Team PPWP
password-pro ...)
+ TODO: check
+CVE-2026-32546 (Missing Authorization vulnerability in StellarWP Restrict
Content rest ...)
+ TODO: check
+CVE-2026-32545 (Improper Neutralization of Input During Web Page Generation
('Cr
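Review bot: The removal of CVE-2026-1519 at the top of this hunk drops a hand-written bracketed description, [Excessive NSEC3 iterations cause high CPU load during insecure delegation validation], and the visible part of the hunk, which is cut off, does not show the entry coming back. Confirm that it is re-added further down with its official description and that any package and NOTE lines under it were carried over unchanged.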
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a7d9ccfe by security tracker role at 2026-03-25T08:13:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,7 +1,247 @@ -CVE-2026-4371 +CVE-2026-4784 (A vulnerability was found in code-projects Simple Laundry System 1.0. ...) + TODO: check +CVE-2026-4783 (A vulnerability has been found in itsourcecode College Management Syst ...) + TODO: check +CVE-2026-4781 (A flaw has been found in SourceCodester Sales and Inventory System 1.0 ...) + TODO: check +CVE-2026-4780 (A vulnerability was detected in SourceCodester Sales and Inventory Sys ...) + TODO: check +CVE-2026-4779 (A security vulnerability has been detected in SourceCodester Sales and ...) + TODO: check +CVE-2026-4778 (A weakness has been identified in SourceCodester Sales and Inventory S ...) + TODO: check +CVE-2026-4777 (A security flaw has been discovered in SourceCodester Sales and Invent ...) + TODO: check +CVE-2026-4766 (The Easy Image Gallery plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2026-4433 (An SSH misconfigurations exists in Tenable OT that led to the potentia ...) + TODO: check +CVE-2026-3912 (Injection vulnerabilities due to validation/sanitisation of user-suppl ...) + TODO: check +CVE-2026-33253 (SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows se ...) + TODO: check +CVE-2026-33215 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...) + TODO: check +CVE-2026-32326 (SHARP routers do not perform authentication for some web APIs. The dev ...) + TODO: check +CVE-2026-2343 (The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bul ...) + TODO: check +CVE-2026-2072 (Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics ...) + TODO: check +CVE-2026-28895 (The issue was addressed with improved checks. This issue is fixed in i ...) + TODO: check +CVE-2026-28894 (A denial-of-service issue was addressed with improved input validation ...) + TODO: check +CVE-2026-28893 (A privacy issue was addressed with improved handling of temporary file ...) 
+ TODO: check +CVE-2026-28892 (A permissions issue was addressed by removing the vulnerable code. Thi ...) + TODO: check +CVE-2026-28891 (A race condition was addressed with additional validation. This issue ...) + TODO: check +CVE-2026-28890 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + TODO: check +CVE-2026-28889 (A permissions issue was addressed with additional restrictions. This i ...) + TODO: check +CVE-2026-2 (A race condition was addressed with improved state handling. This issu ...) + TODO: check +CVE-2026-28886 (A null pointer dereference was addressed with improved input validatio ...) + TODO: check +CVE-2026-28882 (This issue was addressed with improved checks. This issue is fixed in ...) + TODO: check +CVE-2026-28881 (A privacy issue was addressed by moving sensitive data. This issue is ...) + TODO: check +CVE-2026-28880 (A permissions issue was addressed with additional restrictions. This i ...) + TODO: check +CVE-2026-28879 (A use-after-free issue was addressed with improved memory management. ...) + TODO: check +CVE-2026-28878 (A privacy issue was addressed by removing sensitive data. This issue i ...) + TODO: check +CVE-2026-28877 (An authorization issue was addressed with improved state management. T ...) + TODO: check +CVE-2026-28876 (A parsing issue in the handling of directory paths was addressed with ...) + TODO: check +CVE-2026-28875 (A buffer overflow was addressed with improved bounds checking. This is ...) + TODO: check +CVE-2026-28874 (The issue was addressed with improved checks. This issue is fixed in i ...) + TODO: check +CVE-2026-28871 (A logic issue was addressed with improved checks. This issue is fixed ...) + TODO: check +CVE-2026-28870 (An information leakage was addressed with additional validation. This ...) + TODO: check +CVE-2026-28868 (A logging issue was addressed with improved data redaction. This issue ...) 
+ TODO: check +CVE-2026-28867 (This issue was addressed with improved authentication. This issue is f ...) + TODO: check +CVE-2026-28866 (This issue was addressed with improved validation of symlinks. This is ...) + TODO: check +CVE-2026-28865 (An authentication issue was addressed with improved state management. ...) + TODO: check +CVE-2026-28864 (This issue was addressed with improved permissions checking. This issu ...) + TODO: check +CVE-2026-28863 (A permissions issue was addressed with additional restrictions. Thi
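Review bot: The added entry CVE-2026-2 (A race condition was addressed with improved state handling. ...), sitting between CVE-2026-28889 and CVE-2026-28886, has an id far shorter than its neighbours and looks truncated. Check the id against the source feed before triaging, since a wrong id would attach the TODO to a different record.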
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6e8dd26d by security tracker role at 2026-03-24T20:13:08+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,208 +1,442 @@ -CVE-2026-4721 +CVE-2026-4775 (A flaw was found in the libtiff library. A remote attacker could explo ...) + TODO: check +CVE-2026-4649 (Apache Artemis before version 2.52.0 is affected by an authentication ...) + TODO: check +CVE-2026-33769 (Astro is a web framework. From version 2.10.10 to before version 5.18. ...) + TODO: check +CVE-2026-33768 (Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel ...) + TODO: check +CVE-2026-33700 (Vikunja is an open-source self-hosted task management platform. Prior ...) + TODO: check +CVE-2026-33680 (Vikunja is an open-source self-hosted task management platform. Prior ...) + TODO: check +CVE-2026-33679 (Vikunja is an open-source self-hosted task management platform. Prior ...) + TODO: check +CVE-2026-33678 (Vikunja is an open-source self-hosted task management platform. Prior ...) + TODO: check +CVE-2026-33677 (Vikunja is an open-source self-hosted task management platform. Prior ...) + TODO: check +CVE-2026-33676 (Vikunja is an open-source self-hosted task management platform. Prior ...) + TODO: check +CVE-2026-33675 (Vikunja is an open-source self-hosted task management platform. Prior ...) + TODO: check +CVE-2026-33668 (Vikunja is an open-source self-hosted task management platform. Starti ...) + TODO: check +CVE-2026-33627 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-33624 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-33554 (ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows o ...) + TODO: check +CVE-2026-33539 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-33538 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-33527 (Parse Server is an open source backend that can be deployed to any inf ...) 
+ TODO: check +CVE-2026-33511 (pyLoad is a free and open-source download manager written in Python. F ...) + TODO: check +CVE-2026-33509 (pyLoad is a free and open-source download manager written in Python. F ...) + TODO: check +CVE-2026-33508 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-33498 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-33497 (Langflow is a tool for building and deploying AI-powered agents and wo ...) + TODO: check +CVE-2026-33484 (Langflow is a tool for building and deploying AI-powered agents and wo ...) + TODO: check +CVE-2026-33475 (Langflow is a tool for building and deploying AI-powered agents and wo ...) + TODO: check +CVE-2026-33474 (Vikunja is an open-source self-hosted task management platform. Starti ...) + TODO: check +CVE-2026-33473 (Vikunja is an open-source self-hosted task management platform. Starti ...) + TODO: check +CVE-2026-33429 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-33421 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-33419 (MinIO is a high-performance object storage system. Prior to RELEASE.20 ...) + TODO: check +CVE-2026-33418 (DiceBear is an avatar library for designers and developers. Prior to v ...) + TODO: check +CVE-2026-33417 (Wallos is an open-source, self-hostable personal subscription tracker. ...) + TODO: check +CVE-2026-33409 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-33407 (Wallos is an open-source, self-hostable personal subscription tracker. ...) + TODO: check +CVE-2026-33401 (Wallos is an open-source, self-hostable personal subscription tracker. ...) + TODO: check +CVE-2026-33400 (Wallos is an open-source, self-hostable personal subscription tracker. ...) 
+ TODO: check +CVE-2026-33399 (Wallos is an open-source, self-hostable personal subscription tracker. ...) + TODO: check +CVE-2026-33353 (Soft Serve is a self-hostable Git server for the command line. From ve ...) + TODO: check +CVE-2026-33349 (fast-xml-parser allows users to process XML from JS object without C/C ...) + TODO: check +CVE-2026-33345 (solidtime is an open-source time-tracking app. Prior to version 0.11.6 ...) + TODO: check +CVE-2026-33344 (Dagu is a workflow engine with a built-in Web user inter
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2b3e2358 by security tracker role at 2026-03-24T08:13:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,25 +1,293 @@
-CVE-2026-4680
+CVE-2026-4756 (Out-of-bounds Write vulnerability in MolotovCherry
Android-ImageMagick ...)
+ TODO: check
+CVE-2026-4755 (CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This
issue ...)
+ TODO: check
+CVE-2026-4754 (CWE-79 vulnerability in MolotovCherry Android-ImageMagick7.This
issue ...)
+ TODO: check
+CVE-2026-4753 (Out-of-bounds Read vulnerability in slajerek RetroDebugger.This
issue ...)
+ TODO: check
+CVE-2026-4752 (Use After Free vulnerability in No-Chicken Echo-Mate.This issue
affect ...)
+ TODO: check
+CVE-2026-4751 (NULL Pointer Dereference vulnerability in tmate-io tmate.This
issue af ...)
+ TODO: check
+CVE-2026-4750 (Out-of-bounds Read vulnerability in fabiangreffrath woof.This
issue af ...)
+ TODO: check
+CVE-2026-4749 (NVD-CWE-noinfo vulnerability in albfan miraclecast.This issue
affects ...)
+ TODO: check
+CVE-2026-4746 (Out-of-bounds Write vulnerability in timeplus-io proton
(base/poco/Fou ...)
+ TODO: check
+CVE-2026-4745 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2026-4744 (Out-of-bounds Read vulnerability in rizonesoft Notepad3
(scintilla/oni ...)
+ TODO: check
+CVE-2026-4743 (NULL Pointer Dereference vulnerability in taurusxin ncmdump
(src/utils ...)
+ TODO: check
+CVE-2026-4742 (Inconsistent Interpretation of HTTP Requests ('HTTP
Request/Response S ...)
+ TODO: check
+CVE-2026-4741 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2026-4739 (Integer Overflow or Wraparound vulnerability in
InsightSoftwareConsort ...)
+ TODO: check
+CVE-2026-4738 (Improper Restriction of Operations within the Bounds of a
Memory Buffe ...)
+ TODO: check
+CVE-2026-4737 (Use After Free vulnerability in No-Chicken Echo-Mate
(SDK/rv1106-sdk/s ...)
+ TODO: check
+CVE-2026-4736 (Improper Handling of Values vulnerability in No-Chicken
Echo-Mate (SDK ...)
+ TODO: check
+CVE-2026-4735 (Deserialization of Untrusted Data vulnerability in DTStack
chunjun (ch ...)
+ TODO: check
+CVE-2026-4734 (Improper Restriction of Operations within the Bounds of a
Memory Buffe ...)
+ TODO: check
+CVE-2026-4733 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2026-4732 (Out-of-bounds Read vulnerability in tildearrow furnace
(extern/libsndf ...)
+ TODO: check
+CVE-2026-4731 (Integer Overflow or Wraparound vulnerability in artraweditor
ART (rten ...)
+ TODO: check
+CVE-2026-4681 (A critical remote code execution (RCE) vulnerability has been
reported ...)
+ TODO: check
+CVE-2026-4662 (The JetEngine plugin for WordPress is vulnerable to SQL
Injection via ...)
+ TODO: check
+CVE-2026-4640 (Vitals ESP developed by Galaxy Software Services has a Missing
Authent ...)
+ TODO: check
+CVE-2026-4639 (Vitals ESP developed by Galaxy Software Services has a
Incorrect Autho ...)
+ TODO: check
+CVE-2026-4632 (A weakness has been identified in itsourcecode Online
Enrollment Syste ...)
+ TODO: check
+CVE-2026-4627 (A vulnerability was found in D-Link DIR-825 and DIR-825R
1.0.5/4.5.1. ...)
+ TODO: check
+CVE-2026-4626 (A vulnerability has been found in projectworlds Lawyer
Management Syst ...)
+ TODO: check
+CVE-2026-4625 (A flaw has been found in SourceCodester Online Admission System
1.0. T ...)
+ TODO: check
+CVE-2026-4624 (A vulnerability was detected in SourceCodester Online Library
Manageme ...)
+ TODO: check
+CVE-2026-4623 (A security vulnerability has been detected in DefaultFuction
Jeson-Cus ...)
+ TODO: check
+CVE-2026-4617 (A weakness has been identified in SourceCodester Patients
Waiting Area ...)
+ TODO: check
+CVE-2026-4616 (A security flaw has been discovered in bolo-blog \uae4c\uc9c0
2.6.4. T ...)
+ TODO: check
+CVE-2026-4615 (A vulnerability was identified in SourceCodester Online
Catering Reser ...)
+ TODO: check
+CVE-2026-4614 (A vulnerability was determined in itsourcecode sanitize or
validate th ...)
+ TODO: check
+CVE-2026-4613 (A vulnerability was found in SourceCodester E-Commerce Site
1.0. This ...)
+ TODO: check
+CVE-2026-4612 (A vulnerability has been found in itsourcecode Free Hotel
Reservation ...)
+ TODO: check
+CVE-2026-4611 (A flaw has been found in TOTOLINK X6000R
9.4.0cu.1360_B20241207/9.4.0c ...)
+ TODO: check
+CVE-2026-4597 (A security flaw has been discovered in 648540858
wvp-GB28181-pro up to ...)
+ TODO: check
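Review bot: Two added descriptions in this hunk look damaged at the source and should not be triaged from the summary alone. CVE-2026-4616 reads bolo-blog \uae4c\uc9c0 2.6.4, with an escaped non-ASCII sequence where sibling entries say "up to", and CVE-2026-4614 reads itsourcecode sanitize or validate th ..., where the product name appears to be missing. Read the full CVE records for both before marking them NOT-FOR-US.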
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dc814795 by security tracker role at 2026-03-23T20:13:10+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,215 @@ +CVE-2026-4647 (A flaw was found in the GNU Binutils BFD library, a widely used compon ...) + TODO: check +CVE-2026-4645 (A flaw was found in the `github.com/antchfx/xpath` component. A remote ...) + TODO: check +CVE-2026-4633 (A flaw was found in Keycloak. A remote attacker can exploit differenti ...) + TODO: check +CVE-2026-4628 (A flaw was found in Keycloak. An improper Access Control vulnerability ...) + TODO: check +CVE-2026-4596 (A vulnerability was identified in projectworlds Lawyer Management Syst ...) + TODO: check +CVE-2026-4595 (A vulnerability was determined in code-projects Exam Form Submission 1 ...) + TODO: check +CVE-2026-4594 (A vulnerability has been found in erupts erupt up to 1.13.3. Affected ...) + TODO: check +CVE-2026-4593 (A flaw has been found in erupts erupt bis 1.13.3. Affected by this vul ...) + TODO: check +CVE-2026-4592 (A security vulnerability has been detected in kalcaddle kodbox 1.64. T ...) + TODO: check +CVE-2026-4591 (A weakness has been identified in kalcaddle kodbox 1.64. This affects ...) + TODO: check +CVE-2026-4590 (A security flaw has been discovered in kalcaddle kodbox 1.64. The impa ...) + TODO: check +CVE-2026-4589 (A vulnerability was identified in kalcaddle kodbox 1.64. The affected ...) + TODO: check +CVE-2026-4588 (A vulnerability was determined in kalcaddle kodbox 1.64. Impacted is t ...) + TODO: check +CVE-2026-4587 (A vulnerability was found in HybridAuth up to 3.12.2. This issue affec ...) + TODO: check +CVE-2026-4586 (A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This aff ...) + TODO: check +CVE-2026-4585 (A vulnerability has been found in Tiandy Easy7 Integrated Management P ...) + TODO: check +CVE-2026-4584 (A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. ...) + TODO: check +CVE-2026-4583 (A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1 ...) 
+ TODO: check +CVE-2026-4582 (A security vulnerability has been detected in Shenzhen HCC Technology ...) + TODO: check +CVE-2026-4581 (A weakness has been identified in code-projects Simple Laundry System ...) + TODO: check +CVE-2026-4580 (A security flaw has been discovered in code-projects Simple Laundry Sy ...) + TODO: check +CVE-2026-4404 (Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and be ...) + TODO: check +CVE-2026-3635 (Summary When trustProxy is configured with a restrictive trust functio ...) + TODO: check +CVE-2026-33723 (WWBN AVideo is an open source video platform. In versions up to and in ...) + TODO: check +CVE-2026-33719 (WWBN AVideo is an open source video platform. In versions up to and in ...) + TODO: check +CVE-2026-33717 (WWBN AVideo is an open source video platform. In versions up to and in ...) + TODO: check +CVE-2026-33716 (WWBN AVideo is an open source video platform. In versions up to and in ...) + TODO: check +CVE-2026-33690 (WWBN AVideo is an open source video platform. In versions up to and in ...) + TODO: check +CVE-2026-33688 (WWBN AVideo is an open source video platform. In versions up to and in ...) + TODO: check +CVE-2026-33685 (WWBN AVideo is an open source video platform. In versions up to and in ...) + TODO: check +CVE-2026-33683 (WWBN AVideo is an open source video platform. In versions up to and in ...) + TODO: check +CVE-2026-33681 (WWBN AVideo is an open source video platform. In versions up to and in ...) + TODO: check +CVE-2026-33651 (WWBN AVideo is an open source video platform. In versions up to and in ...) + TODO: check +CVE-2026-33650 (WWBN AVideo is an open source video platform. In versions up to and in ...) + TODO: check +CVE-2026-33649 (WWBN AVideo is an open source video platform. In versions up to and in ...) + TODO: check +CVE-2026-33648 (WWBN AVideo is an open source video platform. In versions up to and in ...) + TODO: check +CVE-2026-33647 (WWBN AVideo is an open source video platform. 
In versions up to and in ...) + TODO: check +CVE-2026-33548 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. In vers ...) + TODO: check +CVE-2026-33517 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. In vers ...) + TODO: check +CVE-2026-33513 (WWBN AVideo is an open source video platform. In versions up to and in ...) + TODO: check +CVE-2026-33512 (WWBN AVideo is an open source video platform. In versions up to and in ...) + TODO: che
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6a2d6be8 by security tracker role at 2026-03-23T08:13:01+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,71 @@
+CVE-2026-4606 (GV Edge Recording Manager (ERM) v2.3.1 improperly runs
application com ...)
+ TODO: check
+CVE-2026-4603 (Versions of the package jsrsasign before 11.1.1 are vulnerable
to Divi ...)
+ TODO: check
+CVE-2026-4602 (Versions of the package jsrsasign before 11.1.1 are vulnerable
to Inco ...)
+ TODO: check
+CVE-2026-4601 (Versions of the package jsrsasign before 11.1.1 are vulnerable
to Miss ...)
+ TODO: check
+CVE-2026-4600 (Versions of the package jsrsasign before 11.1.1 are vulnerable
to Impr ...)
+ TODO: check
+CVE-2026-4599 (Versions of the package jsrsasign from 7.0.0 and before 11.1.1
are vul ...)
+ TODO: check
+CVE-2026-4598 (Versions of the package jsrsasign before 11.1.1 are vulnerable
to Infi ...)
+ TODO: check
+CVE-2026-4579 (A vulnerability was identified in code-projects Simple Laundry
System ...)
+ TODO: check
+CVE-2026-4578 (A vulnerability was determined in code-projects Exam Form
Submission 1 ...)
+ TODO: check
+CVE-2026-4577 (A vulnerability was found in code-projects Exam Form Submission
1.0. T ...)
+ TODO: check
+CVE-2026-4576 (A vulnerability has been found in code-projects Exam Form
Submission 1 ...)
+ TODO: check
+CVE-2026-4575 (A flaw has been found in code-projects Exam Form Submission
1.0. This ...)
+ TODO: check
+CVE-2026-4574 (A vulnerability was detected in SourceCodester Simple
E-learning Syste ...)
+ TODO: check
+CVE-2026-4573 (A security vulnerability has been detected in SourceCodester
Simple E- ...)
+ TODO: check
+CVE-2026-4572 (A weakness has been identified in SourceCodester Sales and
Inventory S ...)
+ TODO: check
+CVE-2026-4571 (A security flaw has been discovered in SourceCodester Sales and
Invent ...)
+ TODO: check
+CVE-2026-4570 (A vulnerability was identified in SourceCodester Sales and
Inventory S ...)
+ TODO: check
+CVE-2026-4569 (A vulnerability was determined in SourceCodester Sales and
Inventory S ...)
+ TODO: check
+CVE-2026-4568 (A vulnerability was found in SourceCodester Sales and Inventory
System ...)
+ TODO: check
+CVE-2026-4567 (A vulnerability has been found in Tenda A15 15.13.07.13. The
impacted ...)
+ TODO: check
+CVE-2026-4566 (A flaw has been found in Belkin F9K1122 1.00.33. The affected
element ...)
+ TODO: check
+CVE-2026-4565 (A vulnerability was detected in Tenda AC21 16.03.08.16.
Impacted is th ...)
+ TODO: check
+CVE-2026-4564 (A security vulnerability has been detected in yangzongzhuan
RuoYi up t ...)
+ TODO: check
+CVE-2026-4563 (A weakness has been identified in MacCMS up to 2025.1000.4052.
This vu ...)
+ TODO: check
+CVE-2026-4562 (A security flaw has been discovered in MacCMS 2025.1000.4052.
This aff ...)
+ TODO: check
+CVE-2026-3587 (An unauthenticated remote attacker can exploit a hidden
function in th ...)
+ TODO: check
+CVE-2026-2580 (The WP Maps \u2013 Store Locator,Google
Maps,OpenStreetMap,Mapbox,List ...)
+ TODO: check
+CVE-2026-1969 (The trx_addons WordPress plugin before 2.38.5 does not
correctly valid ...)
+ TODO: check
+CVE-2025-6229 (The Sina Extension for Elementor (Header Builder, Footer
Builter, Them ...)
+ TODO: check
+CVE-2025-13997 (The King Addons for Elementor \u2013 4,000+ ready Elementor
sections, ...)
+ TODO: check
+CVE-2025-10736 (The ReviewX \u2013 WooCommerce Product Reviews with
Multi-Criteria, Re ...)
+ TODO: check
+CVE-2025-10734 (The ReviewX \u2013 WooCommerce Product Reviews with
Multi-Criteria, Re ...)
+ TODO: check
+CVE-2025-10731 (The ReviewX \u2013 WooCommerce Product Reviews with
Multi-Criteria, Re ...)
+ TODO: check
+CVE-2025-10679 (The ReviewX \u2013 WooCommerce Product Reviews with
Multi-Criteria, Re ...)
+ TODO: check
CVE-2026-4558 (A flaw has been found in Linksys MR9600 2.0.6.206937. Affected
is the ...)
NOT-FOR-US: Linksys
CVE-2026-4557 (A vulnerability was detected in code-projects Exam Form
Submission 1.0 ...)
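Review bot: The added descriptions for CVE-2026-2580, CVE-2025-13997 and the four ReviewX entries (CVE-2025-10736, CVE-2025-10734, CVE-2025-10731, CVE-2025-10679) carry the literal escape \u2013 in place of the character it stands for. If the list is meant to stay ASCII, a plain hyphen would read better; otherwise the importer should write the decoded character so that searches on the plugin names match.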
@@ -14464,6 +14532,7 @@ CVE-2026-27100 (Jenkins 2.550 and earlier, LTS 2.541.1
and earlier accepts Run P
CVE-2026-27099 (Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1
through 2.54 ...)
NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-25500 (Rack is a modular Ruby web server interface. Prior to versions
2.2.22, ...)
+ {DLA-4505-1}
- ruby-rack 3.2.5-1 (bug #1128480)
NOTE:
https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp
NOTE: Fixed by:
https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0fbd7a8b by security tracker role at 2026-03-22T08:13:03+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,50 @@ -CVE-2026-33549 +CVE-2026-4540 (A vulnerability was detected in projectworlds Online Notes Sharing Sys ...) + TODO: check +CVE-2026-4539 (A security flaw has been discovered in pygments up to 2.19.2. The impa ...) + TODO: check +CVE-2026-4538 (A vulnerability was identified in PyTorch 2.10.0. The affected element ...) + TODO: check +CVE-2026-4537 (A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-1640 ...) + TODO: check +CVE-2026-4536 (A vulnerability was found in Acrel Environmental Monitoring Cloud Plat ...) + TODO: check +CVE-2026-4535 (A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerabil ...) + TODO: check +CVE-2026-4534 (A flaw has been found in Tenda FH451 1.0.0.9. This affects the functio ...) + TODO: check +CVE-2026-4533 (A vulnerability was detected in code-projects Simple Food Ordering Sys ...) + TODO: check +CVE-2026-4532 (A security vulnerability has been detected in code-projects Simple Foo ...) + TODO: check +CVE-2026-4531 (A weakness has been identified in Free5GC 4.1.0. Affected is the funct ...) + TODO: check +CVE-2026-4530 (A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This ...) + TODO: check +CVE-2026-4529 (A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affe ...) + TODO: check +CVE-2026-4528 (A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted ...) + TODO: check +CVE-2026-4314 (The 'The Ultimate WordPress Toolkit \u2013 WP Extended' plugin for Wor ...) + TODO: check +CVE-2026-3629 (The Import and export users and customers plugin for WordPress is vuln ...) + TODO: check +CVE-2026-3427 (The Yoast SEO \u2013 Advanced SEO with real-time guidance and built-in ...) + TODO: check +CVE-2019-25589 (ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Sh ...) + TODO: check +CVE-2019-25588 (BulletProof FTP Server 2019.0.0.50 contains a denial of service vulner ...) 
+ TODO: check +CVE-2019-25587 (BulletProof FTP Server 2019.0.0.50 contains a denial of service vulner ...) + TODO: check +CVE-2019-25586 (Deluge 1.3.15 contains a denial of service vulnerability that allows l ...) + TODO: check +CVE-2019-25585 (Deluge 1.3.15 contains a denial of service vulnerability that allows l ...) + TODO: check +CVE-2019-25584 (RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Serv ...) + TODO: check +CVE-2019-25583 (RarmaRadio 2.72.3 contains a denial of service vulnerability in the Us ...) + TODO: check +CVE-2026-33549 (SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege a ...) - spip 4.4.13+dfsg-1 NOTE: https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-13.html NOTE: https://git.spip.net/spip/prive/-/merge_requests/131 
@@ -2301,10 +2347,10 @@ CVE-2025-14031 (IBM Sterling B2B Integrator andand IBM Sterling File Gateway6.1. CVE-2026-3312 - pagure NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2443259 -CVE-2025-71276 [prevent xss with events, tasks and contacts categories] +CVE-2025-71276 (SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, ...) - sogo NOTE: Fixed by: https://github.com/Alinto/sogo/commit/e9b3f2a43d7557e8416f6749df4ab4f9128af2d1 (SOGo-5.12.5) -CVE-2026-33550 [properly change the totp code after disabling it] +CVE-2026-33550 (SOGo before 5.12.5 does not renew the OTP if a user disables/enables i ...) - sogo NOTE: Fixed by: https://github.com/Alinto/sogo/commit/83d4c522f87cfde0ba543837d9b24c3479083ec2 (SOGo-5.12.5) CVE-2026-4359 (A compromised third party cloud server or man-in-the-middle attacker c ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fbd7a8b5c23366f2a895610988b79acf077defa -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fbd7a8b5c23366f2a895610988b79acf077defa You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
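Review bot: Most entries added in the first hunk name software outside the archive, but CVE-2026-4539 (pygments up to 2.19.2) and CVE-2026-4538 (PyTorch 2.10.0) name software that Debian packages, so they should be triaged ahead of the rest rather than left at TODO: check alongside the others. Each needs a package line with its status, in the same form as the "- spip 4.4.13+dfsg-1" line under CVE-2026-33549.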
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4b1addc6 by security tracker role at 2026-03-21T20:12:51+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,95 @@ +CVE-2026-4516 (A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. Th ...) + TODO: check +CVE-2026-4515 (A vulnerability has been found in Foundation Agents MetaGPT up to 0.8. ...) + TODO: check +CVE-2026-4514 (A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue ...) + TODO: check +CVE-2026-4513 (A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected b ...) + TODO: check +CVE-2026-4511 (A security vulnerability has been detected in vanna-ai vanna up to 2.0 ...) + TODO: check +CVE-2026-2756 (A security vulnerability has been detected in OmniPEMF NeoRhythm up to ...) + TODO: check +CVE-2019-25582 (i-doit CMDB 1.12 contains an arbitrary file download vulnerability tha ...) + TODO: check +CVE-2019-25581 (i-doit CMDB 1.12 contains an SQL injection vulnerability that allows u ...) + TODO: check +CVE-2019-25580 (ownDMS 4.7 contains an SQL injection vulnerability that allows unauthe ...) + TODO: check +CVE-2019-25579 (phpTransformer 2016.9 contains a directory traversal vulnerability tha ...) + TODO: check +CVE-2019-25578 (phpTransformer 2016.9 contains an SQL injection vulnerability that all ...) + TODO: check +CVE-2019-25577 (SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerabili ...) + TODO: check +CVE-2019-25576 (Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability th ...) + TODO: check +CVE-2019-25575 (SimplePress CMS 1.0.7 contains an SQL injection vulnerability that all ...) + TODO: check +CVE-2019-25574 (Green CMS 2.x contains a path traversal vulnerability that allows auth ...) + TODO: check +CVE-2019-25573 (Green CMS 2.x contains an SQL injection vulnerability that allows auth ...) + TODO: check +CVE-2019-25572 (NordVPN 6.19.6 contains a denial of service vulnerability that allows ...) + TODO: check +CVE-2019-25571 (MediaMonkey 4.1.23 contains a denial of service vulnerability that all ...) 
+ TODO: check +CVE-2019-25570 (RealTerm Serial Terminal 2.0.0.70 contains a denial of service vulnera ...) + TODO: check +CVE-2019-25569 (RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overfl ...) + TODO: check +CVE-2019-25568 (Memu Play 6.0.7 contains an insecure file permissions vulnerability th ...) + TODO: check +CVE-2019-25567 (Valentina Studio 9.0.5 Linux contains a buffer overflow vulnerability ...) + TODO: check +CVE-2019-25566 (TransMac 12.3 contains a buffer overflow vulnerability in the volume n ...) + TODO: check +CVE-2019-25565 (Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability ...) + TODO: check +CVE-2019-25564 (PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that a ...) + TODO: check +CVE-2019-25563 (PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that a ...) + TODO: check +CVE-2019-25562 (jetAudio 8.1.7 contains a buffer overflow vulnerability in the video c ...) + TODO: check +CVE-2019-25561 (Lyric Maker 2.0.1.0 contains a buffer overflow vulnerability that allo ...) + TODO: check +CVE-2019-25560 (Lyric Video Creator 2.1 contains a denial of service vulnerability tha ...) + TODO: check +CVE-2019-25559 (SpotPaltalk 1.1.5 contains a denial of service vulnerability in the re ...) + TODO: check +CVE-2019-25558 (Selfie Studio 2.17 contains a denial of service vulnerability in the R ...) + TODO: check +CVE-2019-25557 (TwistedBrush Pro Studio 24.06 contains a denial of service vulnerabili ...) + TODO: check +CVE-2019-25556 (TwistedBrush Pro Studio 24.06 contains a denial of service vulnerabili ...) + TODO: check +CVE-2019-2 (TwistedBrush Pro Studio 24.06 contains a denial of service vulnerabili ...) + TODO: check +CVE-2019-25554 (Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerabilit ...) + TODO: check +CVE-2019-25553 (CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability t ...) 
+ TODO: check +CVE-2019-25552 (CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that ...) + TODO: check +CVE-2019-25551 (Sandboxie 5.30 contains a denial of service vulnerability that allows ...) + TODO: check +CVE-2019-25550 (Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows l ...) + TODO: check +CVE-2019-25549 (VeryPDF PCL Converter 2.7 contains a denial of service vulnerability t ...) + TODO: check +CVE-2019-25548 (BlueStacks 4.80.0.1060 contains a denial of service vulnerability that ...) +
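Review bot: the added entry `CVE-2019-2 (TwistedBrush Pro Studio 24.06 contains a denial of service vulnerabili ...)`, which sits between CVE-2019-25556 and CVE-2019-25554, does not carry a well-formed CVE identifier, since the sequence part of a CVE ID has at least four digits. Confirm the identifier against the upstream feed before the entry is triaged, because tooling that keys on the `CVE-YYYY-NNNN` pattern will skip or mis-key this line and its `TODO: check` will never be resolved.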
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 049ac4e5 by security tracker role at 2026-03-21T08:13:42+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,389 @@ +CVE-2026-4510 (A weakness has been identified in PbootCMS up to 3.2.12. This impacts ...) + TODO: check +CVE-2026-4509 (A security flaw has been discovered in PbootCMS up to 3.2.12. This aff ...) + TODO: check +CVE-2026-4508 (A vulnerability was identified in PbootCMS up to 3.2.12. The impacted ...) + TODO: check +CVE-2026-4507 (A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. T ...) + TODO: check +CVE-2026-4506 (A vulnerability was found in Mindinventory MindSQL up to 0.2.1. Impact ...) + TODO: check +CVE-2026-4373 (The JetFormBuilder plugin for WordPress is vulnerable to arbitrary fil ...) + TODO: check +CVE-2026-4302 (The WowOptin: Next-Gen Popup Maker plugin for WordPress is vulnerable ...) + TODO: check +CVE-2026-4261 (The Expire Users plugin for WordPress is vulnerable to Privilege Escal ...) + TODO: check +CVE-2026-4161 (The Review Map by RevuKangaroo plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2026-4143 (The Neos Connector for Fakturama plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2026-4127 (The Speedup Optimization plugin for WordPress is vulnerable to Missing ...) + TODO: check +CVE-2026-4087 (The Pre* Party Resource Hints plugin for WordPress is vulnerable to SQ ...) + TODO: check +CVE-2026-4086 (The WP Random Button plugin for WordPress is vulnerable to Stored Cros ...) + TODO: check +CVE-2026-4084 (The fyyd podcast shortcodes plugin for WordPress is vulnerable to Stor ...) + TODO: check +CVE-2026-4083 (The Scoreboard for HTML5 Games Lite plugin for WordPress is vulnerable ...) + TODO: check +CVE-2026-4077 (The Ecover Builder For Dummies plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2026-4072 (The WordPress PayPal Donation plugin for WordPress is vulnerable to St ...) + TODO: check +CVE-2026-4069 (The Alfie \u2013 Feed Plugin plugin for WordPress is vulnerable to Sto ...) 
+ TODO: check +CVE-2026-4067 (The Ad Short plugin for WordPress is vulnerable to Stored Cross-Site S ...) + TODO: check +CVE-2026-4022 (The Show Posts list \u2013 Easy designs, filters and more plugin for W ...) + TODO: check +CVE-2026-4004 (The Task Manager plugin for WordPress is vulnerable to arbitrary short ...) + TODO: check +CVE-2026-3997 (The Text Toggle plugin for WordPress is vulnerable to Stored Cross-Sit ...) + TODO: check +CVE-2026-3996 (The WP Games Embed plugin for WordPress is vulnerable to Stored Cross- ...) + TODO: check +CVE-2026-3864 (A vulnerability was discovered in the Kubernetes CSI Driver for NFS wh ...) + TODO: check +CVE-2026-3651 (The Build App Online plugin for WordPress is vulnerable to unauthorize ...) + TODO: check +CVE-2026-3645 (The Punnel \u2013 Landing Page Builder plugin for WordPress is vulnera ...) + TODO: check +CVE-2026-3641 (The Appmax plugin for WordPress is vulnerable to Improper Input Valida ...) + TODO: check +CVE-2026-3619 (The Sheets2Table plugin for WordPress is vulnerable to Stored Cross-Si ...) + TODO: check +CVE-2026-3617 (The Paypal Shortcode plugin for WordPress is vulnerable to Stored Cros ...) + TODO: check +CVE-2026-3584 (The Kali Forms plugin for WordPress is vulnerable to Remote Code Execu ...) + TODO: check +CVE-2026-3577 (The Keep Backup Daily plugin for WordPress is vulnerable to Stored Cro ...) + TODO: check +CVE-2026-3572 (The iTracker360 plugin for WordPress is vulnerable to Cross-Site Reque ...) + TODO: check +CVE-2026-3570 (The Smarter Analytics plugin for WordPress is vulnerable to unauthoriz ...) + TODO: check +CVE-2026-3567 (The RepairBuddy \u2013 Repair Shop CRM & Booking Plugin for WordPress ...) + TODO: check +CVE-2026-3554 (The Sherk Custom Post Type Displays plugin for WordPress is vulnerable ...) + TODO: check +CVE-2026-3546 (The e-shot form builder plugin for WordPress is vulnerable to Sensitiv ...) 
+ TODO: check +CVE-2026-3516 (The Contact List plugin for WordPress is vulnerable to Stored Cross-Si ...) + TODO: check +CVE-2026-3506 (The WP-Chatbot for Messenger plugin for WordPress is vulnerable to aut ...) + TODO: check +CVE-2026-3478 (The Content Syndication Toolkit plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2026-3474 (The EmailKit \u2013 Email Customizer for WooCommerce & WP plugin for W ...) + TODO: check +CVE-2026-3460 (The REST API TO MiniProgram plugin for WordPress is vulnerable to Inse ...) + TODO: check +CVE-2026-3368
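Review bot: several added descriptions in this hunk carry a literal `\u2013` escape instead of the character it stands for, for example `The Alfie \u2013 Feed Plugin plugin` (CVE-2026-4069) and `The Punnel \u2013 Landing Page Builder plugin` (CVE-2026-3645). If the escaped form is the intended on-disk representation, document that next to the import step; otherwise decode it on import, so that a search for the product name as the vendor writes it still matches these entries during triage.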
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 868f60e1 by security tracker role at 2026-03-20T20:19:14+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,28 +1,232 @@ -CVE-2026-23278 [netfilter: nf_tables: always walk all pending catchall elements] +CVE-2026-4519 (The webbrowser.open() API would accept leading dashes in the URL which ...) + TODO: check +CVE-2026-4505 (A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. Thi ...) + TODO: check +CVE-2026-4504 (A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnera ...) + TODO: check +CVE-2026-4500 (A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297 ...) + TODO: check +CVE-2026-4499 (A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is t ...) + TODO: check +CVE-2026-4497 (A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. ...) + TODO: check +CVE-2026-4496 (A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262 ...) + TODO: check +CVE-2026-4495 (A security flaw has been discovered in atjiu pybbs 6.0.0. This impacts ...) + TODO: check +CVE-2026-4494 (A vulnerability was identified in atjiu pybbs 6.0.0. This affects the ...) + TODO: check +CVE-2026-4493 (A vulnerability was determined in Tenda A18 Pro 02.03.02.28. The impac ...) + TODO: check +CVE-2026-4492 (A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected e ...) + TODO: check +CVE-2026-4491 (A vulnerability has been found in Tenda A18 Pro 02.03.02.28. Impacted ...) + TODO: check +CVE-2026-4490 (A flaw has been found in Tenda A18 Pro 02.03.02.28. This issue affects ...) + TODO: check +CVE-2026-4489 (A vulnerability was detected in Tenda A18 Pro 02.03.02.28. This vulner ...) + TODO: check +CVE-2026-4488 (A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907- ...) + TODO: check +CVE-2026-4487 (A vulnerability was determined in UTT HiPER 1200GW up to 2.5.3-170306. ...) + TODO: check +CVE-2026-4486 (A vulnerability was found in D-Link DIR-513 1.10. This affects the fun ...) + TODO: check +CVE-2026-4485 (A vulnerability has been found in itsourcecode College Management Syst ...) 
+ TODO: check +CVE-2026-4438 (Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.co ...) + TODO: check +CVE-2026-4437 (Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.co ...) + TODO: check +CVE-2026-4434 (Improper certificate validation in the PAM propagation WinRM connectio ...) + TODO: check +CVE-2026-3550 (The RockPress plugin for WordPress is vulnerable to Missing Authorizat ...) + TODO: check +CVE-2026-33372 (An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A ...) + TODO: check +CVE-2026-33371 (An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A ...) + TODO: check +CVE-2026-33370 (An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A ...) + TODO: check +CVE-2026-33369 (Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vu ...) + TODO: check +CVE-2026-33368 (Zimbra Collaboration Suite (ZCS) 10.0 and 10.1 contains a reflected cr ...) + TODO: check +CVE-2026-33312 (Vikunja is an open-source self-hosted task management platform. Starti ...) + TODO: check +CVE-2026-33192 (Free5GC is an open-source Linux Foundation project for 5th generation ...) + TODO: check +CVE-2026-33140 (PySpector is a static analysis security testing (SAST) Framework engin ...) + TODO: check +CVE-2026-33139 (PySpector is a static analysis security testing (SAST) Framework engin ...) + TODO: check +CVE-2026-33136 (WeGIA is a web manager for charitable institutions. Versions 3.6.6 and ...) + TODO: check +CVE-2026-33135 (WeGIA is a web manager for charitable institutions. Versions 3.6.6 and ...) + TODO: check +CVE-2026-33134 (WeGIA is a web manager for charitable institutions. Versions 3.6.5 and ...) + TODO: check +CVE-2026-33133 (WeGIA is a web manager for charitable institutions. In versions 3.6.5 ...) + TODO: check +CVE-2026-33132 (ZITADEL is an open source identity management platform. Versions prior ...) + TODO: check +CVE-2026-33131 (H3 is a minimal H(TTP) framework. 
Versions 2.0.0-0 through 2.0.1-rc.14 ...) + TODO: check +CVE-2026-33130 (Uptime Kuma is an open source, self-hosted monitoring tool. In version ...) + TODO: check +CVE-2026-33129 (H3 is a minimal H(TTP) framework. Versions 2.0.1-beta.0 through 2.0.0- ...) + TODO: check +CVE-2026-33128 (H3 is a minimal H(TTP) framework. In versions prior to 1.15.6 and betw ...) + TODO: check +CVE-2026-33126 (Frigate i
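Review bot: the first line of this hunk removes `CVE-2026-23278 [netfilter: nf_tables: always walk all pending catchall elements]`, and nothing in the visible part of the hunk adds the identifier back. Confirm that the entry reappears further down with its description and its package annotation lines intact, so that an automatic update which only inserts new `TODO: check` entries above it does not drop tracked state for an existing kernel CVE.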
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: efa3091a by security tracker role at 2026-03-20T08:13:31+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,93 +1,531 @@ +CVE-2026-4478 (A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1 ...) + TODO: check +CVE-2026-4477 (A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.1 ...) + TODO: check +CVE-2026-4476 (A vulnerability was found in Yi Technology YI Home Camera 2 2.1.1_2017 ...) + TODO: check +CVE-2026-4475 (A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1 ...) + TODO: check +CVE-2026-4474 (A flaw has been found in itsourcecode University Management System 1.0 ...) + TODO: check +CVE-2026-4473 (A vulnerability was detected in itsourcecode Online Doctor Appointment ...) + TODO: check +CVE-2026-4472 (A security vulnerability has been detected in itsourcecode Online Froz ...) + TODO: check +CVE-2026-4471 (A weakness has been identified in itsourcecode Online Frozen Foods Ord ...) + TODO: check +CVE-2026-4470 (A security flaw has been discovered in itsourcecode Online Frozen Food ...) + TODO: check +CVE-2026-4469 (A vulnerability was identified in itsourcecode Online Frozen Foods Ord ...) + TODO: check +CVE-2026-4468 (A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected i ...) + TODO: check +CVE-2026-4467 (A vulnerability was found in Comfast CF-AC100 2.6.0.8. This impacts an ...) + TODO: check +CVE-2026-4466 (A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affec ...) + TODO: check +CVE-2026-4465 (A flaw has been found in D-Link DIR-513 1.10. The impacted element is ...) + TODO: check +CVE-2026-4428 (A logic error in CRL distribution point validation in AWS-LC before 1. ...) + TODO: check +CVE-2026-4395 (Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import ...) + TODO: check +CVE-2026-4159 (1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length e ...) + TODO: check +CVE-2026-4136 (The Membership Plugin \u2013 Restrict Content plugin for WordPress is ...) 
+ TODO: check +CVE-2026-4038 (The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Functi ...) + TODO: check +CVE-2026-3948 + REJECTED +CVE-2026-3849 (Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Confi ...) + TODO: check +CVE-2026-3549 (Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ...) + TODO: check +CVE-2026-3547 (Out-of-bounds read in ALPN parsing due to incomplete validation. wolfS ...) + TODO: check +CVE-2026-3230 (Missing required cryptographic step in the TLS 1.3 client HelloRetryRe ...) + TODO: check +CVE-2026-3229 (An integer overflow vulnerability existed in the static function wolfs ...) + TODO: check +CVE-2026-33410 (Discourse is an open-source discussion platform. Versions prior to 202 ...) + TODO: check +CVE-2026-33408 (Discourse is an open-source discussion platform. Prior to versions 202 ...) + TODO: check +CVE-2026-33395 (Discourse is an open-source discussion platform. Prior to versions 202 ...) + TODO: check +CVE-2026-33394 (Discourse is an open-source discussion platform. Prior to versions 202 ...) + TODO: check +CVE-2026-33393 (Discourse is an open-source discussion platform. Prior to versions 202 ...) + TODO: check +CVE-2026-33355 (Discourse is an open-source discussion platform. Prior to versions 202 ...) + TODO: check +CVE-2026-33346 (OpenEMR is a free and open source electronic health records and medica ...) + TODO: check +CVE-2026-33321 (OpenEMR is a free and open source electronic health records and medica ...) + TODO: check +CVE-2026-33305 (OpenEMR is a free and open source electronic health records and medica ...) + TODO: check +CVE-2026-33304 (OpenEMR is a free and open source electronic health records and medica ...) + TODO: check +CVE-2026-33303 (OpenEMR is a free and open source electronic health records and medica ...) + TODO: check +CVE-2026-33302 (OpenEMR is a free and open source electronic health records and medica ...) 
+ TODO: check +CVE-2026-33301 (OpenEMR is a free and open source electronic health records and medica ...) + TODO: check +CVE-2026-33299 (OpenEMR is a free and open source electronic health records and medica ...) + TODO: check +CVE-2026-33289 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...) + TODO: check +CVE-2026-33288 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...) + TODO: check +CVE-2026-33191 (Free5GC is an open-source Linux Foundation project for 5th ge
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f755dc01 by security tracker role at 2026-03-19T20:12:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,131 @@
+CVE-2026-4427 (A flaw was found in pgproto3. A malicious or compromised
PostgreSQL se ...)
+ TODO: check
+CVE-2026-4426 (A flaw was found in libarchive. An Undefined Behavior
vulnerability ex ...)
+ TODO: check
+CVE-2026-4424 (A flaw was found in libarchive. This heap out-of-bounds read
vulnerabi ...)
+ TODO: check
+CVE-2026-3658 (The Appointment Booking Calendar \u2014 Simply Schedule
Appointments B ...)
+ TODO: check
+CVE-2026-3580 (In wolfSSL 5.8.4, constant-time masking logic in
sp_256_get_entry_256_ ...)
+ TODO: check
+CVE-2026-3579 (wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a
constant-time soft ...)
+ TODO: check
+CVE-2026-3548 (Two buffer overflow vulnerabilities existed in the wolfSSL CRL
parser ...)
+ TODO: check
+CVE-2026-3511 (Improper Restriction of XML External Entity Reference
vulnerability in ...)
+ TODO: check
+CVE-2026-3503 (Protection mechanism failure in wolfCrypt post-quantum
implementations ...)
+ TODO: check
+CVE-2026-3029 (A path traversal and arbitrary file write vulnerability exist
in the e ...)
+ TODO: check
+CVE-2026-32869 (OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly
sanitize ...)
+ TODO: check
+CVE-2026-32868 (OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly
sanitize ...)
+ TODO: check
+CVE-2026-32867 (OPEXUS eComplaint before version 10.1.0.0 allows an
unauthenticated at ...)
+ TODO: check
+CVE-2026-32866 (OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly
sanitize ...)
+ TODO: check
+CVE-2026-32865 (OPEXUS eComplaint and eCASE before version 10.1.0.0 include
the secret ...)
+ TODO: check
+CVE-2026-32843 (Location Aware Sensor System by Linkit ONE, up to commit
f06bd20 (2023 ...)
+ TODO: check
+CVE-2026-32238 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2026-32119 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2026-30711 (Devome GRR v4.5.0 was discovered to contain multiple
authenticated SQL ...)
+ TODO: check
+CVE-2026-30694 (An issue in DedeCMS v.5.7.118 and before allows a remote
attacker to e ...)
+ TODO: check
+CVE-2026-30404 (The backend database management connection test feature in
wgcloud v3. ...)
+ TODO: check
+CVE-2026-30403 (There is an arbitrary file read vulnerability in the test
connection f ...)
+ TODO: check
+CVE-2026-30402 (An issue in wgcloud v.2.3.7 and before allows a remote
attacker to exe ...)
+ TODO: check
+CVE-2026-2646 (A heap-buffer-overflow vulnerability exists in wolfSSL's
wolfSSL_d2i_S ...)
+ TODO: check
+CVE-2026-2645 (In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS
1.2 serv ...)
+ TODO: check
+CVE-2026-27070 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-27068 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-27067 (Unrestricted Upload of File with Dangerous Type vulnerability
in Syari ...)
+ TODO: check
+CVE-2026-27065 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-27043 (Unrestricted Upload of File with Dangerous Type vulnerability
in Theme ...)
+ TODO: check
+CVE-2026-26940 (Improper Validation of Specified Quantity in Input (CWE-1284)
in the T ...)
+ TODO: check
+CVE-2026-26939 (Missing Authorization (CWE-862) in Kibana\u2019s server-side
Detection ...)
+ TODO: check
+CVE-2026-26933 (Improper Validation of Array Index (CWE-129) in multiple
protocol pars ...)
+ TODO: check
+CVE-2026-26931 (Memory Allocation with Excessive Size Value (CWE-789) in the
Prometheu ...)
+ TODO: check
+CVE-2026-25928 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2026-25744 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2026-25667 (ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and
.NET 9.0 ...)
+ TODO: check
+CVE-2026-25445 (Deserialization of Untrusted Data vulnerability in Membership
Software ...)
+ TODO: check
+CVE-2026-25443 (Missing Authorization vulnerability in Dotstore Fraud
Prevention For W ...)
+ TODO: check
+CVE-2026-25442 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-25438 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d3ec16ec by security tracker role at 2026-03-19T08:13:36+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,8 +1,154 @@ -CVE-2026-31973 +CVE-2026-4407 (Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect v ...) + TODO: check +CVE-2026-4120 (The Info Cards \u2013 Add Text and Media in Card Layouts plugin for Wo ...) + TODO: check +CVE-2026-4068 (The Add Custom Fields to Media plugin for WordPress is vulnerable to C ...) + TODO: check +CVE-2026-4006 (The Simple Draft List plugin for WordPress is vulnerable to Stored Cro ...) + TODO: check +CVE-2026-3475 (The Instant Popup Builder plugin for WordPress is vulnerable to Unauth ...) + TODO: check +CVE-2026-3181 + REJECTED +CVE-2026-33163 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-33042 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-32944 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-32943 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-32886 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-32878 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-32805 (Romeo gives the capability to reach high code coverage of Go \u22651.2 ...) + TODO: check +CVE-2026-32770 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-32743 (PX4 is an open-source autopilot stack for drones and unmanned vehicles ...) + TODO: check +CVE-2026-32742 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-32737 (Romeo gives the capability to reach high code coverage of Go \u22651.2 ...) + TODO: check +CVE-2026-32736 (The Hytale Modding Wiki is a free service for Hytale mods to host thei ...) + TODO: check +CVE-2026-32735 (openapi-to-java-records-mustache-templates allows users to generate Ja ...) 
+ TODO: check +CVE-2026-32731 (ApostropheCMS is an open-source content management framework. Prior to ...) + TODO: check +CVE-2026-32730 (ApostropheCMS is an open-source content management framework. Prior to ...) + TODO: check +CVE-2026-32728 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-32723 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.35, Sandbox ...) + TODO: check +CVE-2026-32722 (Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray ...) + TODO: check +CVE-2026-32703 (OpenProject is an open-source, web-based project management software. ...) + TODO: check +CVE-2026-32700 (Devise is an authentication solution for Rails based on Warden. Prior ...) + TODO: check +CVE-2026-32698 (OpenProject is an open-source, web-based project management software. ...) + TODO: check +CVE-2026-32638 (StudioCMS is a server-side-rendered, Astro native, headless content ma ...) + TODO: check +CVE-2026-32636 (ImageMagick is free and open-source software used for editing and mani ...) + TODO: check +CVE-2026-32321 (ClipBucket v5 is an open source video sharing platform. An authenticat ...) + TODO: check +CVE-2026-32255 (Kan is an open-source project management tool. In versions 0.5.4 and b ...) + TODO: check +CVE-2026-32000 (OpenClaw versions prior to 2026.2.19 contain a command injection vulne ...) + TODO: check +CVE-2026-31999 (OpenClaw versions 2026.2.26 prior to 2026.3.1 on Windows contain a cur ...) + TODO: check +CVE-2026-31998 (OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization byp ...) + TODO: check +CVE-2026-31997 (OpenClaw versions prior to 2026.3.1 fail to pin executable identity fo ...) + TODO: check +CVE-2026-31996 (OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an i ...) + TODO: check +CVE-2026-31995 (OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injec ...) 
+ TODO: check +CVE-2026-31994 (OpenClaw versions prior to 2026.2.19 contain a local command injection ...) + TODO: check +CVE-2026-31993 (OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mism ...) + TODO: check +CVE-2026-31992 (OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulne ...) + TODO: check +CVE-2026-31991 (OpenClaw versions prior to 2026.2.26 contain an authorization bypass v ...) + TODO: check +CVE-2026-31990 (OpenClaw versions prior to 2
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
32745d50 by security tracker role at 2026-03-18T20:13:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,124 +1,254 @@
-CVE-2026-23268 [apparmor: fix unprivileged local user can do privileged policy
management]
+CVE-2026-4396 (Improper certificate validation in Devolutions Hub Reporting
Service ...)
+ TODO: check
+CVE-2026-3479 (pkgutil.get_data() did not validate the resource argument as
documente ...)
+ TODO: check
+CVE-2026-3278 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-3090 (The Post SMTP \u2013 Complete Email Deliverability and SMTP
Solution w ...)
+ TODO: check
+CVE-2026-33265 (In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for
both the Li ...)
+ TODO: check
+CVE-2026-33004 (Jenkins LoadNinja Plugin 2.1 and earlier does not mask
LoadNinja API k ...)
+ TODO: check
+CVE-2026-33003 (Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API
keys une ...)
+ TODO: check
+CVE-2026-33002 (Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3
through LTS ...)
+ TODO: check
+CVE-2026-33001 (Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not
safely han ...)
+ TODO: check
+CVE-2026-32694 (In Juju from version 3.0.0 through 3.6.18, when a secret owner
grants ...)
+ TODO: check
+CVE-2026-32693 (In Juju from version 3.0.0 through 3.6.18, the authorization
of the "s ...)
+ TODO: check
+CVE-2026-32692 (An authorization bypass vulnerability in the Vault secrets
back-end im ...)
+ TODO: check
+CVE-2026-32691 (A race condition in the secrets management subsystem of Juju
versions ...)
+ TODO: check
+CVE-2026-32634 (Glances is an open-source system cross-platform monitoring
tool. Prior ...)
+ TODO: check
+CVE-2026-32633 (Glances is an open-source system cross-platform monitoring
tool. Prior ...)
+ TODO: check
+CVE-2026-32632 (Glances is an open-source system cross-platform monitoring
tool. Glanc ...)
+ TODO: check
+CVE-2026-32611 (Glances is an open-source system cross-platform monitoring
tool. The G ...)
+ TODO: check
+CVE-2026-32610 (Glances is an open-source system cross-platform monitoring
tool. Prior ...)
+ TODO: check
+CVE-2026-32609 (Glances is an open-source system cross-platform monitoring
tool. The G ...)
+ TODO: check
+CVE-2026-32565 (Missing Authorization vulnerability in WebberZone Contextual
Related P ...)
+ TODO: check
+CVE-2026-31971 (HTSlib is a library for reading and writing bioinformatics
file format ...)
+ TODO: check
+CVE-2026-31970 (HTSlib is a library for reading and writing bioinformatics
file format ...)
+ TODO: check
+CVE-2026-31969 (HTSlib is a library for reading and writing bioinformatics
file format ...)
+ TODO: check
+CVE-2026-31968 (HTSlib is a library for reading and writing bioinformatics
file format ...)
+ TODO: check
+CVE-2026-31967 (HTSlib is a library for reading and writing bioinformatics
file format ...)
+ TODO: check
+CVE-2026-31966 (HTSlib is a library for reading and writing bioinformatics
file format ...)
+ TODO: check
+CVE-2026-31965 (HTSlib is a library for reading and writing bioinformatics
file format ...)
+ TODO: check
+CVE-2026-31964 (HTSlib is a library for reading and writing bioinformatics
file format ...)
+ TODO: check
+CVE-2026-31963 (HTSlib is a library for reading and writing bioinformatics
file format ...)
+ TODO: check
+CVE-2026-31962 (HTSlib is a library for reading and writing bioinformatics
file format ...)
+ TODO: check
+CVE-2026-30704 (The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02)
exposes an ...)
+ TODO: check
+CVE-2026-30703 (A command injection vulnerability exists in the web management
interfa ...)
+ TODO: check
+CVE-2026-30702 (The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02)
implements ...)
+ TODO: check
+CVE-2026-30701 (The web interface of the WiFi Extender WDR201A (HW V2.1, FW
LFMZX28040 ...)
+ TODO: check
+CVE-2026-30695 (A Cross-Site Scripting (XSS) vulnerability exists in the
web-based con ...)
+ TODO: check
+CVE-2026-30345 (A zip slip vulnerability in the Admin import functionality of
CTFd v3. ...)
+ TODO: check
+CVE-2026-30048 (A stored cross-site scripting (XSS) vulnerability exists in
the NotCha ...)
+ TODO: check
+CVE-2026-2992 (The KiviCare \u2013 Clinic & Patient Management System (EHR)
plugin fo ...)
+ TODO: check
+CVE-2026-2991 (The KiviCare \u2013 Clinic & Patient Management System (EHR)
plugin fo ...)
+ TODO: check
+CVE-2026-2559 (The Post SMTP plugin for WordPress is vulnerable to
unauthorized modif ...)
+ TODO: check
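Review bot: the added descriptions for CVE-2026-2992 and CVE-2026-2991 carry the literal escape sequence `\u2013` ("The KiviCare \u2013 Clinic & Patient Management System (EHR)") where a dash in the product name was evidently meant. Decode the escape when the description is written to data/CVE/list, or substitute a plain "-", so that a text search for the product name matches these entries.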
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 410a0977 by security tracker role at 2026-03-18T08:14:01+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,181 @@ +CVE-2026-4366 (A flaw was identified in Keycloak, an identity and access management s ...) + TODO: check +CVE-2026-4356 (A flaw has been found in itsourcecode University Management System 1.0 ...) + TODO: check +CVE-2026-4355 (A vulnerability was detected in Portabilis i-Educar 2.11. This impacts ...) + TODO: check +CVE-2026-4354 (A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01 ...) + TODO: check +CVE-2026-4349 (A vulnerability was determined in Duende IdentityServer 4. The affecte ...) + TODO: check +CVE-2026-4268 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...) + TODO: check +CVE-2026-3856 (IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could all ...) + TODO: check +CVE-2026-3512 (The Writeprint Stylometry plugin for WordPress is vulnerable to Reflec ...) + TODO: check +CVE-2026-33189 + REJECTED +CVE-2026-33188 + REJECTED +CVE-2026-33187 + REJECTED +CVE-2026-33058 (Kanboard is project management software focused on Kanban methodology. ...) + TODO: check +CVE-2026-32842 (Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecur ...) + TODO: check +CVE-2026-32841 (Edimax GS-5008PL firmware version 1.00.54 and prior contain an authent ...) + TODO: check +CVE-2026-32840 (Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored c ...) + TODO: check +CVE-2026-32839 (Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-si ...) + TODO: check +CVE-2026-32838 (Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP ...) + TODO: check +CVE-2026-32608 (Glances is an open-source system cross-platform monitoring tool. The G ...) + TODO: check +CVE-2026-32606 (IncusOS is an immutable OS image dedicated to running Incus. Prior to ...) + TODO: check +CVE-2026-32596 (Glances is an open-source system cross-platform monitoring tool. Prior ...) 
+ TODO: check +CVE-2026-32268 (The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Sto ...) + TODO: check +CVE-2026-32266 (The Google Cloud Storage for Craft CMS plugin provides a Google Cloud ...) + TODO: check +CVE-2026-32265 (The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration f ...) + TODO: check +CVE-2026-32256 (music-metadata is a metadata parser for audio and video media files. P ...) + TODO: check +CVE-2026-32254 (Kube-router is a turnkey solution for Kubernetes networking. Prior to ...) + TODO: check +CVE-2026-31938 (jsPDF is a library to generate PDFs in JavaScript. Prior to version 4. ...) + TODO: check +CVE-2026-31898 (jsPDF is a library to generate PDFs in JavaScript. Prior to version 4. ...) + TODO: check +CVE-2026-31891 (Cockpit is a headless content management system. Any Cockpit CMS insta ...) + TODO: check +CVE-2026-31865 (Elysia is a Typescript framework for request validation, type inferenc ...) + TODO: check +CVE-2026-30922 (pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pya ...) + TODO: check +CVE-2026-30884 (mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynami ...) + TODO: check +CVE-2026-2809 (Netskope was notified about a potential gap in its Endpoint DLP Module ...) + TODO: check +CVE-2026-29112 (DiceBear is an avatar library for designers and developers. Prior to v ...) + TODO: check +CVE-2026-29057 (Next.js is a React framework for building full-stack web applications. ...) + TODO: check +CVE-2026-29056 (Kanboard is project management software focused on Kanban methodology. ...) + TODO: check +CVE-2026-28674 (xiaoheiFS is a self-hosted financial and operational system for cloud ...) + TODO: check +CVE-2026-28673 (xiaoheiFS is a self-hosted financial and operational system for cloud ...) + TODO: check +CVE-2026-28500 (Open Neural Network Exchange (ONNX) is an open standard for machine le ...) 
+ TODO: check +CVE-2026-28499 (LeafKit is a templating language with Swift-inspired syntax. Prior to ...) + TODO: check +CVE-2026-27980 (Next.js is a React framework for building full-stack web applications. ...) + TODO: check +CVE-2026-27979 (Next.js is a React framework for building full-stack web applications. ...) + TODO: check +CVE-2026-27978 (Next.js is a React framework for building full-stack web applications. ...) + TODO: check +CVE-2026-27977 (Next.js is a React framework for building full-stack web applications. ...) + TODO: chec
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 58894df2 by security tracker role at 2026-03-17T20:13:44+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,12 +1,152 @@ +CVE-2026-4359 (A compromised third party cloud server or man-in-the-middle attacker c ...) + TODO: check +CVE-2026-4358 (A specially crafted aggregation query with $lookup by an authenticated ...) + TODO: check +CVE-2026-4324 (A flaw was found in the Katello plugin for Red Hat Satellite. This vul ...) + TODO: check +CVE-2026-4319 (A vulnerability was identified in code-projects Simple Food Order Syst ...) + TODO: check +CVE-2026-4318 (A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. A ...) + TODO: check +CVE-2026-4295 (Improper trust boundary enforcement in Kiro IDE before version 0.8.0 o ...) + TODO: check +CVE-2026-4271 (A flaw was found in libsoup, a library for handling HTTP requests. Thi ...) + TODO: check +CVE-2026-4208 (The extension fails to properly reset the generated MFA code after suc ...) + TODO: check +CVE-2026-4202 (The extension fails to verify, if an authenticated user has permission ...) + TODO: check +CVE-2026-4148 (A use-after-free vulnerability can be triggered in sharded clusters by ...) + TODO: check +CVE-2026-4147 (An authenticated user with the read role may read limited amounts of u ...) + TODO: check +CVE-2026-4064 (Missing authorization checks on multiple gRPC service endpoints in Pow ...) + TODO: check +CVE-2026-3888 (Local privilege escalation in snapd on Linux allows local attackers to ...) + TODO: check +CVE-2026-3564 (A condition in ScreenConnect may allow an actor with access to server- ...) + TODO: check +CVE-2026-3563 (Improper input validation in the apps and endpoints configuration in P ...) + TODO: check +CVE-2026-3207 (Configuration issuein Java Management Extensions (JMX) in TIBCO BPM En ...) + TODO: check +CVE-2026-32981 (A path traversal vulnerability was identified in Ray Dashboard (defaul ...) + TODO: check +CVE-2026-32837 (miniaudio version 0.11.25 and earlier contain a heap out-of-bounds rea ...) 
+ TODO: check +CVE-2026-32836 (dr_libs version 0.13.3 and earlier contain an uncontrolled memory allo ...) + TODO: check +CVE-2026-32586 (Missing Authorization vulnerability in Pluggabl Booster for WooCommerc ...) + TODO: check +CVE-2026-32298 (The Angeet ES3 KVM does not properly sanitize user-supplied variables ...) + TODO: check +CVE-2026-32297 (The Angeet ES3 KVM allows a remote, unauthenticated attacker to write ...) + TODO: check +CVE-2026-32296 (Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint wit ...) + TODO: check +CVE-2026-32295 (JetKVM before 0.5.4 does not rate limit login requests, enabling brute ...) + TODO: check +CVE-2026-32294 (JetKVM prior to 0.5.4 does not verify the authenticity of downloaded f ...) + TODO: check +CVE-2026-32293 (The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot- ...) + TODO: check +CVE-2026-32292 (The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requ ...) + TODO: check +CVE-2026-32291 (The GL-iNet Comet (GL-RM1) KVM does not require authentication on the ...) + TODO: check +CVE-2026-32290 (The GL-iNet Comet (GL-RM1) KVM does not sufficiently verify the authen ...) + TODO: check +CVE-2026-30911 (Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vuln ...) + TODO: check +CVE-2026-30707 (An issue was discovered in SpeedExam Online Examination System (SaaS) ...) + TODO: check +CVE-2026-28779 (Apache Airflow versions 3.1.0 through 3.1.7session token (_token) in c ...) + TODO: check +CVE-2026-28563 (Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint ...) + TODO: check +CVE-2026-28506 (Outline is a service that allows for collaborative documentation. Prio ...) + TODO: check +CVE-2026-26929 (Apache Airflow versions 3.0.0 through 3.1.7FastAPI DagVersion listing ...) + TODO: check +CVE-2026-25936 (GLPI is a free Asset and IT management software package. Starting in v ...) 
+ TODO: check +CVE-2026-25790 (Wazuh is a free and open source platform used for threat prevention, d ...) + TODO: check +CVE-2026-25772 (Wazuh is a free and open source platform used for threat prevention, d ...) + TODO: check +CVE-2026-25771 (Wazuh is a free and open source platform used for threat prevention, d ...) + TODO: check +CVE-2026-25770 (Wazuh is a free and open source platform used for threat prevention, d ...) + TODO: check +CVE-2026-25769 (Wazuh is a free and open source platform used for threat prevention, d ...) + T
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 623a0044 by security tracker role at 2026-03-17T08:13:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,42 @@ -CVE-2026-4177 [heap buffer overflow in the YAML emitter] +CVE-2026-4312 (GCB/FCB Audit Software developed by DrangSoft has a Missing Authentica ...) + TODO: check +CVE-2026-4308 (A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. Thi ...) + TODO: check +CVE-2026-4307 (A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7 ...) + TODO: check +CVE-2026-4289 (A security vulnerability has been detected in Tiandy Easy7 Integrated ...) + TODO: check +CVE-2026-4288 (A weakness has been identified in Tiandy Easy7 Integrated Management P ...) + TODO: check +CVE-2026-4287 (A security flaw has been discovered in Tiandy Easy7 Integrated Managem ...) + TODO: check +CVE-2026-4285 (A vulnerability was identified in taoofagi easegen-admin up to 8f87936 ...) + TODO: check +CVE-2026-4284 (A vulnerability was determined in taoofagi easegen-admin up to 8f87936 ...) + TODO: check +CVE-2026-4258 (All versions of the package sjcl are vulnerable to Improper Verificati ...) + TODO: check +CVE-2026-3237 (In affected versions of Octopus Server it was possible for a low privi ...) + TODO: check +CVE-2026-2579 (The WowStore \u2013 Store Builder & Product Blocks for WooCommerce plu ...) + TODO: check +CVE-2026-2454 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...) + TODO: check +CVE-2026-2373 (The Royal Addons for Elementor \u2013 Addons and Templates Kit for Ele ...) + TODO: check +CVE-2026-29522 (ZwickRoell Test Data Management versions prior to3.0.8 contain a local ...) + TODO: check +CVE-2026-26230 (Mattermost versions 10.11.x <= 10.11.10 fail to properly validate perm ...) + TODO: check +CVE-2026-21991 (A DTrace component, dtprobed, allows arbitrary file creation through c ...) + TODO: check +CVE-2026-1629 (Mattermost versions 10.11.x <= 10.11.10 Fail to invalidate cached perm ...) + TODO: check +CVE-2025-69902 (A command injection vulnerability in the minimal_wrapper.py component ...) 
+ TODO: check +CVE-2025-50881 (The `flow/admin/moniteur.php` script in Use It Flow administration web ...) + TODO: check +CVE-2026-4177 (YAML::Syck versions through 1.36 for Perl has several potential securi ...) - libyaml-syck-perl 1.36-2 NOTE: https://lists.security.metacpan.org/cve-announce/msg/38035745/ NOTE: https://github.com/cpan-authors/YAML-Syck/commit/e8844a31c8cf0052914b198fc784ed4e6b8ae69e @@ -1470,7 +1508,7 @@ CVE-2025-66955 (Local File Inclusion in Contact Plan, E-Mail, SMS and Fax compon NOT-FOR-US: Asseco SEE Live CVE-2025-61154 (Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.7571 u ...) - libredwg (bug #595191) -CVE-2025-13913 (Inductive Automation Ignition Softwareis vulnerable to an unauthentica ...) +CVE-2025-13913 (If an Ignition user imports an external file with a specially crafted ...) NOT-FOR-US: Inductive Automation Ignition Software CVE-2025-13462 (The "tarfile" module would still apply normalization of AREGTYPE (\x00 ...) TODO: check 
@@ -24851,7 +24889,7 @@ CVE-2026-22797 (An issue was discovered in OpenStack keystonemiddleware 10.5 thr NOTE: https://www.openwall.com/lists/oss-security/2026/01/15/1 NOTE: https://bugs.launchpad.net/keystonemiddleware/+bug/2129018 NOTE: Introduced with: https://github.com/openstack/keystonemiddleware/commit/de15a610e160defb367b224258498727384d10a8 (10.5.0) -CVE-2026-0708 +CVE-2026-0708 (A flaw was found in libucl. A remote attacker could exploit this by pr ...) NOTE: https://github.com/vstakhov/libucl/issues/323 TODO: check if impacts security wise rspamd, which embeds libucl and uses it a compile time CVE-2026-0871 (A flaw was found in Keycloak. An administrator with `manage-users` per ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/623a00442a19d7288cd122b5b0b28cb59d70a80d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/623a00442a19d7288cd122b5b0b28cb59d70a80d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
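Review bot: in the last hunk (@@ -24851,7 +24889,7 @@), CVE-2026-0708 gains its description, but the context line under it still reads "TODO: check if impacts security wise rspamd, which embeds libucl and uses it a compile time" and the visible entry has no package line. Fix the wording to "uses it at compile time" and, now that the description names libucl, follow up by resolving the TODO into an explicit entry for rspamd rather than leaving the free-text note in place.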
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 11f0d8ac by security tracker role at 2026-03-16T20:13:06+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,249 @@ +CVE-2026-4276 (LibreChat RAG API, version 0.7.0, contains a log-injection vulnerabili ...) + TODO: check +CVE-2026-4270 (Improper Protection of Alternate Path exists in the no-access and work ...) + TODO: check +CVE-2026-4269 (A missing S3 ownership verification in the Bedrock AgentCore Starter T ...) + TODO: check +CVE-2026-4265 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...) + TODO: check +CVE-2026-4254 (A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vu ...) + TODO: check +CVE-2026-4253 (A security flaw has been discovered in Tenda AC8 16.03.50.11. This aff ...) + TODO: check +CVE-2026-4252 (A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by t ...) + TODO: check +CVE-2026-4251 (A vulnerability was determined in CityData CityChat up to 0.12.6 on An ...) + TODO: check +CVE-2026-4250 (A vulnerability was found in Albert Sa\u011fl\u0131k Hizmetleri ve Tic ...) + TODO: check +CVE-2026-4243 (A weakness has been identified in La Nacion App 10.2.25 on Android. Th ...) + TODO: check +CVE-2026-4242 (A security flaw has been discovered in BabyChakra Pregnancy & Parentin ...) + TODO: check +CVE-2026-4241 (A vulnerability was identified in itsourcecode College Management Syst ...) + TODO: check +CVE-2026-4240 (A vulnerability was determined in Open5GS up to 2.7.6. The affected el ...) + TODO: check +CVE-2026-4239 (A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacte ...) + TODO: check +CVE-2026-4238 (A vulnerability has been found in itsourcecode College Management Syst ...) + TODO: check +CVE-2026-4237 (A flaw has been found in itsourcecode Free Hotel Reservation System 1. ...) + TODO: check +CVE-2026-4236 (A security vulnerability has been detected in itsourcecode Online Enro ...) + TODO: check +CVE-2026-4235 (A weakness has been identified in itsourcecode Online Enrollment Syste ...) + TODO: check +CVE-2026-4234 (A security flaw has been discovered in SSCMS 7.4.0. 
This vulnerability ...) + TODO: check +CVE-2026-4233 (A vulnerability was identified in ThingsGateway 12. This affects an un ...) + TODO: check +CVE-2026-4232 (A vulnerability was determined in Tiandy Integrated Management Platfor ...) + TODO: check +CVE-2026-4231 (A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by t ...) + TODO: check +CVE-2026-4230 (A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected ...) + TODO: check +CVE-2026-4229 (A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the ...) + TODO: check +CVE-2026-4228 (A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects ...) + TODO: check +CVE-2026-4227 (A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. ...) + TODO: check +CVE-2026-4224 (When an Expat parser with a registered ElementDeclHandler parses an in ...) + TODO: check +CVE-2026-3644 (The fix for CVE-2026-0672, which rejected control characters in http.c ...) + TODO: check +CVE-2026-3476 (A Code Injection vulnerability affecting SOLIDWORKS Desktop from Relea ...) + TODO: check +CVE-2026-3111 (Insecure Direct Object Reference (IDOR) vulnerability in Campus Educat ...) + TODO: check +CVE-2026-3110 (Insecure Direct Object Reference (IDOR) vulnerability in Campus Educat ...) + TODO: check +CVE-2026-3024 (Stored Cross-Site Scripting (XSS) vulnerability in the Wakyma web appl ...) + TODO: check +CVE-2026-3023 (Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web ...) + TODO: check +CVE-2026-3022 (Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web ...) + TODO: check +CVE-2026-3021 (Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web ...) + TODO: check +CVE-2026-3020 (Identity based authorization bypass vulnerability (IDOR) that allows a ...) + TODO: check +CVE-2026-32587 (Missing Authorization vulnerability in Saad Iqbal WP EasyPay allows Ex ...) 
+ TODO: check +CVE-2026-32583 (Missing Authorization vulnerability in Webnus Inc. Modern Events Calen ...) + TODO: check +CVE-2026-32267 (Craft CMS is a content management system (CMS). From version 4.0.0-RC1 ...) + TODO: check +CVE-2026-32264 (Craft CMS is a content management system (CMS). From version 4.0.0-RC1 ...) + TODO: check +CVE-2026-32263 (Craft CMS is a content management system (CMS). From version 5.6.0 to ...) + TODO: check +CVE-2026-
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 04a63f5d by security tracker role at 2026-03-16T08:13:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,237 @@ +CVE-2026-4255 (A DLL search order hijacking vulnerability in Thermalright TR-VISION H ...) + TODO: check +CVE-2026-4226 (A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affecte ...) + TODO: check +CVE-2026-4225 (A security flaw has been discovered in CMS Made Simple up to 2.2.21. I ...) + TODO: check +CVE-2026-4223 (A vulnerability was identified in itsourcecode Payroll Management Syst ...) + TODO: check +CVE-2026-4222 (A vulnerability was determined in SSCMS up to 7.4.0. This vulnerabilit ...) + TODO: check +CVE-2026-4221 (A vulnerability was found in Tiandy Easy7 Integrated Management Platfo ...) + TODO: check +CVE-2026-4220 (A vulnerability has been found in Technologies Integrated Management P ...) + TODO: check +CVE-2026-4219 (A flaw has been found in INDEX Conferences & Exhibitions Organization ...) + TODO: check +CVE-2026-4218 (A vulnerability was detected in myAEDES App up to 1.18.4 on Android. A ...) + TODO: check +CVE-2026-4217 (A security vulnerability has been detected in XREAL Nebula App up to 3 ...) + TODO: check +CVE-2026-4216 (A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on A ...) + TODO: check +CVE-2026-4215 (A security flaw has been discovered in FlowCI flow-core-x up to 1.23.0 ...) + TODO: check +CVE-2026-4214 (A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, ...) + TODO: check +CVE-2026-4213 (A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DN ...) + TODO: check +CVE-2026-4212 (A security vulnerability has been detected in D-Link DNS-120, DNR-202L ...) + TODO: check +CVE-2026-4211 (A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, ...) + TODO: check +CVE-2026-4210 (A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-3 ...) + TODO: check +CVE-2026-4209 (A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, ...) 
+ TODO: check +CVE-2026-4207 (A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, ...) + TODO: check +CVE-2026-4206 (A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-3 ...) + TODO: check +CVE-2026-4205 (A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, ...) + TODO: check +CVE-2026-4204 (A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, ...) + TODO: check +CVE-2026-4203 (A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DN ...) + TODO: check +CVE-2026-4201 (A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472 ...) + TODO: check +CVE-2026-4200 (A security flaw has been discovered in glowxq glowxq-oj up to 6f7c7230 ...) + TODO: check +CVE-2026-4199 (A vulnerability was identified in bazinga012 mcp_code_executor up to 0 ...) + TODO: check +CVE-2026-4198 (A vulnerability was determined in hypermodel-labs mcp-server-auto-comm ...) + TODO: check +CVE-2026-4197 (A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-3 ...) + TODO: check +CVE-2026-4196 (A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, ...) + TODO: check +CVE-2026-4195 (A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, ...) + TODO: check +CVE-2026-4194 (A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DN ...) + TODO: check +CVE-2026-4193 (A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05 ...) + TODO: check +CVE-2026-4192 (A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. A ...) + TODO: check +CVE-2026-4191 (A flaw has been found in JawherKl node-api-postgres up to 2.5. Affecte ...) + TODO: check +CVE-2026-4190 (A vulnerability was detected in JawherKl node-api-postgres up to 2.5. ...) + TODO: check +CVE-2026-4189 (A weakness has been identified in phpipam up to 1.7.4. The impacted el ...) + TODO: check +CVE-2026-4188 (A security flaw has been discovered in D-Link DIR-619L 2.06B01. 
The af ...) + TODO: check +CVE-2026-4187 (A vulnerability was identified in Tiandy Easy7 Integrated Management P ...) + TODO: check +CVE-2026-4186 (A vulnerability was determined in UEditor up to 1.4.3.2. This issue af ...) + TODO: check +CVE-2026-4185 (A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-mas ...) + TODO: check +CVE-2026-4184 (A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by ...) + TODO: check +CVE-2026-4183
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
97f0c4ce by security tracker role at 2026-03-15T08:13:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,35 @@
+CVE-2026-4179 (Issues in stm32 USB device driver
(drivers/usb/device/usb_dc_stm32.c) ...)
+ TODO: check
+CVE-2026-4170 (A weakness has been identified in Topsec TopACM 3.0. Affected
by this ...)
+ TODO: check
+CVE-2026-4169 (A security flaw has been discovered in Tecnick TCExam up to
16.6.0. Af ...)
+ TODO: check
+CVE-2026-4168 (A vulnerability was identified in Tecnick TCExam 16.5.0. This
impacts ...)
+ TODO: check
+CVE-2026-4167 (A vulnerability was determined in Belkin F9K1122 1.00.33. This
affects ...)
+ TODO: check
+CVE-2026-4166 (A vulnerability was found in Wavlink WL-NU516U1 240425. The
impacted e ...)
+ TODO: check
+CVE-2026-4165 (A vulnerability has been found in Worksuite HR, CRM and Project
Manage ...)
+ TODO: check
+CVE-2026-4164 (A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is
the fu ...)
+ TODO: check
+CVE-2026-4163 (A vulnerability was detected in Wavlink WL-WN579A3 220323. This
issue ...)
+ TODO: check
+CVE-2026-32774 (Vulnogram 1.0.0 contains a stored cross-site scripting
vulnerability i ...)
+ TODO: check
+CVE-2026-2233 (The User Frontend: AI Powered Frontend Posting, User Directory,
Profil ...)
+ TODO: check
+CVE-2026-1947 (The NEX-Forms \u2013 Ultimate Forms Plugin for WordPress plugin
for Wo ...)
+ TODO: check
+CVE-2026-1883 (The Wicked Folders \u2013 Folder Organizer for Pages, Posts,
and Custo ...)
+ TODO: check
+CVE-2026-1870 (The Thim Kit for Elementor \u2013 Pre-built Templates & Widgets
for El ...)
+ TODO: check
+CVE-2026-0849 (Malformed ATAES132A responses with an oversized length field
overflow ...)
+ TODO: check
+CVE-2025-54920 (This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users
are rec ...)
+ TODO: check
CVE-2026-3839 (Unraid Authentication Request Path Traversal Authentication
Bypass Vul ...)
NOT-FOR-US: Unraid
CVE-2026-3838 (Unraid Update Request Path Traversal Remote Code Execution
Vulnerabili ...)
@@ -5687,11 +5719,11 @@ CVE-2025-15595 (Privilege escalation via dll hijacking
in Inno Setup 6.2.1 and e
NOT-FOR-US: Inno Setup
CVE-2025-12345 (A security vulnerability has been detected in LLM-Claw
0.1.0/0.1.1/0.1 ...)
NOT-FOR-US: LLM-Claw
-CVE-2026-3442
+CVE-2026-3442 (A flaw was found in GNU Binutils. This vulnerability, a
heap-based buf ...)
- binutils (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2443828
NOTE: binutils not covered by security support
-CVE-2026-3441
+CVE-2026-3441 (A flaw was found in GNU Binutils. This heap-based buffer
overflow vuln ...)
- binutils (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2443826
NOTE: binutils not covered by security support
@@ -8999,7 +9031,7 @@ CVE-2026-2492 (TensorFlow HDF5 Library Uncontrolled
Search Path Element Local Pr
CVE-2026-2490 (RustDesk Client for Windows Transfer File Link Following
Information D ...)
NOT-FOR-US: RustDesk Client for Windows
CVE-2026-2048 (GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution
Vulner ...)
- {DSA-6156-1}
+ {DSA-6156-1 DLA-4500-1}
- gimp 3.2.0~RC3-1 (bug #1128606)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-26-121/
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15554
@@ -9018,7 +9050,7 @@ CVE-2026-2047 (GIMP ICNS File Parsing Heap-based Buffer
Overflow Remote Code Exe
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/5873e16f80cf4152d25a4c86b08553008a331e90
(GIMP_3_0_8)
NOTE: Introduced by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/00232e17875d4676a2c797a429db23b1a9815db8
(GIMP_2_99_14)
CVE-2026-2045 (GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution
Vulner ...)
- {DSA-6156-1}
+ {DSA-6156-1 DLA-4500-1}
- gimp 3.2.0~RC3-1 (bug #1128604)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-26-119/
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15293
@@ -9026,7 +9058,7 @@ CVE-2026-2045 (GIMP XWD File Parsing Out-Of-Bounds Write
Remote Code Execution V
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/68b27dfb1cbd9b3f22d7fa624dbab8647ee5f275
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/bb896f67942557658b3fbfc67a1c073775c002c7
(GIMP_3_0_8)
CVE-2026-2044 (GIMP PGM File Parsing Uninitialized Memory Remote Code
Execution Vulne ...)
- {DSA-6156-1}
+ {DSA-6156-1 DLA-4500-1}
- gimp 3.2.0~RC2-1
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-26-118/
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e794f0fa by security tracker role at 2026-03-14T08:13:03+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,93 @@ +CVE-2026-3839 (Unraid Authentication Request Path Traversal Authentication Bypass Vul ...) + TODO: check +CVE-2026-3838 (Unraid Update Request Path Traversal Remote Code Execution Vulnerabili ...) + TODO: check +CVE-2026-3562 (Philips Hue Bridge hk_hap Ed25519 Signature Verification Authenticatio ...) + TODO: check +CVE-2026-3561 (Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow R ...) + TODO: check +CVE-2026-3560 (Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer O ...) + TODO: check +CVE-2026-3559 (Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authenticat ...) + TODO: check +CVE-2026-3558 (Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode A ...) + TODO: check +CVE-2026-3557 (Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based ...) + TODO: check +CVE-2026-3556 (Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remot ...) + TODO: check +CVE-2026-3555 (Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buff ...) + TODO: check +CVE-2026-3227 (A command injection vulnerability was identified in TP-Link TL-WR802N ...) + TODO: check +CVE-2026-3082 (GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution ...) + TODO: check +CVE-2026-32772 (telnet in GNU inetutils through 2.7 allows servers to read arbitrary e ...) + TODO: check +CVE-2026-32732 (Lean 4 VS Code Extension is a Visual Studio Code extension for the Lea ...) + TODO: check +CVE-2026-32729 (Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Run ...) + TODO: check +CVE-2026-32724 (PX4 autopilot is a flight control solution for drones. Prior to 1.17.0 ...) + TODO: check +CVE-2026-32720 (The CTFer.io Monitoring component is in charge of the collection, proc ...) + TODO: check +CVE-2026-32719 (AnythingLLM is an application that turns pieces of content into contex ...) 
+ TODO: check +CVE-2026-32717 (AnythingLLM is an application that turns pieces of content into contex ...) + TODO: check +CVE-2026-32715 (AnythingLLM is an application that turns pieces of content into contex ...) + TODO: check +CVE-2026-32713 (PX4 autopilot is a flight control solution for drones. Prior to 1.17.0 ...) + TODO: check +CVE-2026-32709 (PX4 autopilot is a flight control solution for drones. Prior to 1.17.0 ...) + TODO: check +CVE-2026-32708 (PX4 autopilot is a flight control solution for drones. Prior to 1.17.0 ...) + TODO: check +CVE-2026-32707 (PX4 autopilot is a flight control solution for drones. Prior to 1.17.0 ...) + TODO: check +CVE-2026-32706 (PX4 autopilot is a flight control solution for drones. Prior to 1.17.0 ...) + TODO: check +CVE-2026-32705 (PX4 autopilot is a flight control solution for drones. Prior to 1.17.0 ...) + TODO: check +CVE-2026-32704 (SiYuan is a personal knowledge management system. Prior to 3.6.1, POST ...) + TODO: check +CVE-2026-32702 (Cleanuparr is a tool for automating the cleanup of unwanted or blocked ...) + TODO: check +CVE-2026-32640 (SimpleEval is a library for adding evaluatable expressions into python ...) + TODO: check +CVE-2026-32635 (Angular is a development platform for building mobile and desktop web ...) + TODO: check +CVE-2026-32630 (file-type detects the file type of a file, stream, or data. From 20.0. ...) + TODO: check +CVE-2026-32628 (AnythingLLM is an application that turns pieces of content into contex ...) + TODO: check +CVE-2026-32627 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...) + TODO: check +CVE-2026-32626 (AnythingLLM is an application that turns pieces of content into contex ...) + TODO: check +CVE-2026-32621 (Apollo Federation is an architecture for declaratively composing APIs ...) + TODO: check +CVE-2026-32617 (AnythingLLM is an application that turns pieces of content into contex ...) 
+ TODO: check +CVE-2026-32616 (Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201 ...) + TODO: check +CVE-2026-32614 (Go ShangMi (Commercial Cryptography) Library (GMSM) is a cryptographic ...) + TODO: check +CVE-2026-2493 (IceWarp collaboration Directory Traversal Information Disclosure Vulne ...) + TODO: check +CVE-2026-2491 (Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This ...) + TODO: check +CVE-2026-26133 (AI command injection in M365 Copilot allows an unauthorized attacker t ...) + T
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
68681698 by security tracker role at 2026-03-13T20:13:36+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,4 +1,430 @@
-CVE-2026-4105
+CVE-2026-4111 (A flaw was identified in the RAR5 archive decompression logic
of the l ...)
+ TODO: check
+CVE-2026-4092 (Path Traversal in Clasp impacting versions < 3.2.0 allows a
remote att ...)
+ TODO: check
+CVE-2026-4063 (The Social Icons Widget & Block by WPZOOM plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2026-3999 (A broken access control may allow an authenticated user to
perform a ...)
+ TODO: check
+CVE-2026-3986 (The Calculated Fields Form plugin for WordPress is vulnerable
to Store ...)
+ TODO: check
+CVE-2026-3873 (Use of Hard-coded Credentials vulnerability in Avantra allows
Accessin ...)
+ TODO: check
+CVE-2026-32746 (telnetd in GNU inetutils through 2.7 allows an out-of-bounds
write in ...)
+ TODO: check
+CVE-2026-32745 (In JetBrains Datalore before 2026.1 session hijacking was
possible due ...)
+ TODO: check
+CVE-2026-32600 (xml-security is a library that implements XML signatures and
encryptio ...)
+ TODO: check
+CVE-2026-32594 (Parse Server is an open source backend that can be deployed to
any inf ...)
+ TODO: check
+CVE-2026-32543 (Missing Authorization vulnerability in CyberChimps Responsive
Blocks r ...)
+ TODO: check
+CVE-2026-32487 (Missing Authorization vulnerability in raratheme Lawyer
Landing Page l ...)
+ TODO: check
+CVE-2026-32486 (Missing Authorization vulnerability in wptravelengine Travel
Booking t ...)
+ TODO: check
+CVE-2026-32462 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-32461 (Missing Authorization vulnerability in Really Simple Plugins
Really Si ...)
+ TODO: check
+CVE-2026-32460 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-32459 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2026-32458 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2026-32457 (Missing Authorization vulnerability in Wombat Plugins Advanced
Product ...)
+ TODO: check
+CVE-2026-32456 (Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts
Admin M ...)
+ TODO: check
+CVE-2026-32455 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-32454 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-32453 (Missing Authorization vulnerability in ThemeFusion Avada Core
fusion-c ...)
+ TODO: check
+CVE-2026-32452 (Missing Authorization vulnerability in ThemeFusion Fusion
Builder fusi ...)
+ TODO: check
+CVE-2026-32451 (Missing Authorization vulnerability in ThemeFusion Fusion
Builder fusi ...)
+ TODO: check
+CVE-2026-32450 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-32449 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-32448 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-32447 (Missing Authorization vulnerability in Vito Peleg Atarim
atarim-visual ...)
+ TODO: check
+CVE-2026-32446 (Missing Authorization vulnerability in Syed Balkhi Contact
Form by WPF ...)
+ TODO: check
+CVE-2026-32445 (Missing Authorization vulnerability in Elementor Elementor
Website Bui ...)
+ TODO: check
+CVE-2026-32443 (Cross-Site Request Forgery (CSRF) vulnerability in Josh
Kohlbach Produ ...)
+ TODO: check
+CVE-2026-32442 (Missing Authorization vulnerability in E2Pdf e2pdf e2pdf
allows Exploi ...)
+ TODO: check
+CVE-2026-32440 (Missing Authorization vulnerability in Ex-Themes WP Food
wp-food allow ...)
+ TODO: check
+CVE-2026-32439 (Missing Authorization vulnerability in WebGeniusLab BigHearts
bigheart ...)
+ TODO: check
+CVE-2026-32438 (Missing Authorization vulnerability in vowelweb VW School
Education vw ...)
+ TODO: check
+CVE-2026-32437 (Missing Authorization vulnerability in vowelweb VW Portfolio
vw-portfo ...)
+ TODO: check
+CVE-2026-32436 (Missing Authorization vulnerability in vowelweb VW Photography
vw-phot ...)
+ TODO: check
+CVE-2026-32435 (Missing Authorization vulnerability in vowelweb VW Pet Shop
vw-pet-sho ...)
+ TODO: check
+CVE-2026-32434 (Missing Authorization vulnerability in vowelweb VW Fitness
vw-fitness ...)
+ TODO: check
+CVE-2026-32433 (Improper Neutralization of Special Elements used in an SQL
Co
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: eb4d0f60 by security tracker role at 2026-03-13T08:13:10+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,95 @@ +CVE-2026-3910 (Inappropriate implementation in V8 in Google Chrome prior to 146.0.768 ...) + TODO: check +CVE-2026-3909 (Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 al ...) + TODO: check +CVE-2026-3891 (The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrar ...) + TODO: check +CVE-2026-3611 (The Honeywell IQ4x building management controller, exposes its full we ...) + TODO: check +CVE-2026-3045 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments p ...) + TODO: check +CVE-2026-32612 (Statmatic is a Laravel and Git powered content management system (CMS) ...) + TODO: check +CVE-2026-32598 (OneUptime is a solution for monitoring and managing online services. P ...) + TODO: check +CVE-2026-32597 (PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, P ...) + TODO: check +CVE-2026-32322 (soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23. ...) + TODO: check +CVE-2026-32320 (Ella Core is a 5G core designed for private networks. Prior to 1.5.1, ...) + TODO: check +CVE-2026-32319 (Ella Core is a 5G core designed for private networks. Prior to 1.5.1, ...) + TODO: check +CVE-2026-32308 (OneUptime is a solution for monitoring and managing online services. P ...) + TODO: check +CVE-2026-32306 (OneUptime is a solution for monitoring and managing online services. P ...) + TODO: check +CVE-2026-32304 (Locutus brings stdlibs of other programming languages to JavaScript fo ...) + TODO: check +CVE-2026-32302 (OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-origi ...) + TODO: check +CVE-2026-32301 (Centrifugo is an open-source scalable real-time messaging server. Prio ...) + TODO: check +CVE-2026-2890 (The Formidable Forms plugin for WordPress is vulnerable to a payment i ...) + TODO: check +CVE-2026-2581 (This is an uncontrolled resource consumption vulnerability (CWE-400) t ...) 
+ TODO: check +CVE-2026-2229 (ImpactThe undici WebSocket client is vulnerable to a denial-of-service ...) + TODO: check +CVE-2026-25823 (HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmwa ...) + TODO: check +CVE-2026-25819 (HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmwa ...) + TODO: check +CVE-2026-25818 (HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmwa ...) + TODO: check +CVE-2026-25817 (HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmwa ...) + TODO: check +CVE-2026-25076 (Anchore Enterprise versions before 5.25.1 contain an SQL injection vul ...) + TODO: check +CVE-2026-22216 (wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability ...) + TODO: check +CVE-2026-22215 (wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerabi ...) + TODO: check +CVE-2026-22210 (wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability t ...) + TODO: check +CVE-2026-22209 (wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability i ...) + TODO: check +CVE-2026-22204 (wpDiscuz before 7.6.47 contains an email header injection vulnerabilit ...) + TODO: check +CVE-2026-22203 (wpDiscuz before 7.6.47 contains an information disclosure vulnerabilit ...) + TODO: check +CVE-2026-22202 (wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerabi ...) + TODO: check +CVE-2026-22201 (wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the ge ...) + TODO: check +CVE-2026-22199 (wpDiscuz before 7.6.47 contains a vote manipulation vulnerability that ...) + TODO: check +CVE-2026-22193 (wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the ...) + TODO: check +CVE-2026-22192 (wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerab ...) + TODO: check +CVE-2026-22191 (wpDiscuz before 7.6.47 contains a shortcode injection vulnerability th ...) 
+ TODO: check +CVE-2026-22183 (wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerab ...) + TODO: check +CVE-2026-22182 (wpDiscuz before 7.6.47 contains an unauthenticated denial of service v ...) + TODO: check +CVE-2026-1704 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...) + TODO: check +CVE-2026-1528 (ImpactA server can reply with a WebSocket frame using the 64-bit lengt ...) + TODO: check +CVE-2026-1527 (ImpactWhen an application passes user-controlled input to theupgradeop ...) +
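Review bot: The descriptions added for CVE-2026-3045 and CVE-2026-1704 carry a literal `\u2014` ("The Appointment Booking Calendar \u2014 Simply Schedule Appointments ..."), which looks like an escape sequence that was never decoded before the text was written to data/CVE/list; decode it to the actual character at import time. In the same hunk the entries for CVE-2026-2229, CVE-2026-1528 and CVE-2026-1527 begin with a fused "Impact" heading ("ImpactThe undici WebSocket client ...", "ImpactWhen an application passes user-controlled input to theupgradeop ..."), so whitespace is being lost where markup is stripped from the source description. These truncated strings are what a triager reads when working through the `TODO: check` entries, so normalising them in the update script would be worthwhile.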
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0758c75f by security tracker role at 2026-03-12T20:13:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,255 @@ -CVE-2026-28356 [Denial of Service via maliciously crafted HTTP or multipart segment headers] +CVE-2026-4045 (A flaw has been found in projectsend up to r1945. This impacts an unkn ...) + TODO: check +CVE-2026-4044 (A vulnerability was detected in projectsend up to r1945. This affects ...) + TODO: check +CVE-2026-4043 (A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). ...) + TODO: check +CVE-2026-4042 (A weakness has been identified in Tenda i12 1.0.0.6(2204). The affecte ...) + TODO: check +CVE-2026-4041 (A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impact ...) + TODO: check +CVE-2026-4040 (A vulnerability was identified in OpenClaw up to 2026.2.17. This issue ...) + TODO: check +CVE-2026-4039 (A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerabi ...) + TODO: check +CVE-2026-4016 (A security vulnerability has been detected in GPAC 26.03-DEV. Affected ...) + TODO: check +CVE-2026-4015 (A weakness has been identified in GPAC 26.03-DEV. Affected is the func ...) + TODO: check +CVE-2026-3989 (SGLangs `replay_request_dump.py` contains an insecure pickle.load() wi ...) + TODO: check +CVE-2026-3841 (A command injection vulnerability has been identified in the Telnet co ...) + TODO: check +CVE-2026-3497 (Vulnerability in the OpenSSH GSSAPI delta included in various Linux di ...) + TODO: check +CVE-2026-3060 (SGLang' encoder parallel disaggregation system is vulnerable to unauth ...) + TODO: check +CVE-2026-3059 (SGLang's multimodal generation module is vulnerable to unauthenticated ...) + TODO: check +CVE-2026-32274 (Black is the uncompromising Python code formatter. Prior to 26.3.1, Bl ...) + TODO: check +CVE-2026-32269 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-32260 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 ...) 
+ TODO: check +CVE-2026-32259 (ImageMagick is free and open-source software used for editing and mani ...) + TODO: check +CVE-2026-32251 (Tolgee is an open-source localization platform. Prior to 3.166.3, the ...) + TODO: check +CVE-2026-32249 (Vim is an open source, command line text editor. From 9.1.0011 to befo ...) + TODO: check +CVE-2026-32248 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-32247 (Graphiti is a framework for building and querying temporal context gra ...) + TODO: check +CVE-2026-32246 (Tinyauth is an authentication and authorization server. Prior to 5.0.3 ...) + TODO: check +CVE-2026-32245 (Tinyauth is an authentication and authorization server. Prior to 5.0.3 ...) + TODO: check +CVE-2026-32242 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-32240 (Cap'n Proto is a data interchange format and capability-based RPC syst ...) + TODO: check +CVE-2026-32239 (Cap'n Proto is a data interchange format and capability-based RPC syst ...) + TODO: check +CVE-2026-32237 (Backstage is an open framework for building developer portals. Prior t ...) + TODO: check +CVE-2026-32236 (Backstage is an open framework for building developer portals. Prior t ...) + TODO: check +CVE-2026-32235 (Backstage is an open framework for building developer portals. Prior t ...) + TODO: check +CVE-2026-32232 (ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangl ...) + TODO: check +CVE-2026-32231 (ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the generic webh ...) + TODO: check +CVE-2026-32230 (Uptime Kuma is an open source, self-hosted monitoring tool. From 2.0.0 ...) + TODO: check +CVE-2026-32142 (Shopware is an open commerce platform. /api/_info/config route exposes ...) + TODO: check +CVE-2026-32141 (flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() f ...) 
+ TODO: check +CVE-2026-32140 (Dataease is an open source data visualization analysis tool. Prior to ...) + TODO: check +CVE-2026-32139 (Dataease is an open source data visualization analysis tool. In DataEa ...) + TODO: check +CVE-2026-32138 (NEXULEAN is a cybersecurity portfolio & service platform for an Ethica ...) + TODO: check +CVE-2026-32137 (Dataease is an open source data visualization analysis tool. Prior to ...) + TODO: check +CVE-2026-32129 (soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash fu ...) + TODO: check +CVE-20
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2aa74636 by security tracker role at 2026-03-12T08:13:32+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,245 @@ +CVE-2026-4014 (A security flaw has been discovered in itsourcecode Cafe Reservation S ...) + TODO: check +CVE-2026-4013 (A vulnerability was identified in SourceCodester Web-based Pharmacy Pr ...) + TODO: check +CVE-2026-4012 (A vulnerability was determined in rxi fe up to ed4cda96bd582cbb0852096 ...) + TODO: check +CVE-2026-4010 (A vulnerability was found in ThakeeNathees pocketlang up to cc73ca61b1 ...) + TODO: check +CVE-2026-4009 (A vulnerability has been found in jarikomppa soloud up to 20200207. Im ...) + TODO: check +CVE-2026-4008 (A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects so ...) + TODO: check +CVE-2026-4007 (A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerabi ...) + TODO: check +CVE-2026-3994 (A vulnerability was detected in rui314 mold up to 2.40.4. This issue a ...) + TODO: check +CVE-2026-3993 (A security vulnerability has been detected in itsourcecode Payroll Man ...) + TODO: check +CVE-2026-3992 (A weakness has been identified in CodeGenieApp serverless-express up t ...) + TODO: check +CVE-2026-3990 (A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0 ...) + TODO: check +CVE-2026-3984 (A weakness has been identified in Campcodes Division Regional Athletic ...) + TODO: check +CVE-2026-3983 (A security flaw has been discovered in Campcodes Division Regional Ath ...) + TODO: check +CVE-2026-3982 (A vulnerability was determined in itsourcecode University Management S ...) + TODO: check +CVE-2026-3981 (A vulnerability was found in itsourcecode Online Doctor Appointment Sy ...) + TODO: check +CVE-2026-3980 (A vulnerability has been found in itsourcecode Online Doctor Appointme ...) + TODO: check +CVE-2026-3979 (A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects ...) + TODO: check +CVE-2026-3978 (A vulnerability was detected in D-Link DIR-513 1.10. The impacted elem ...) 
+ TODO: check +CVE-2026-3977 (A security vulnerability has been detected in projectsend up to r1945. ...) + TODO: check +CVE-2026-3976 (A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is ...) + TODO: check +CVE-2026-3975 (A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This is ...) + TODO: check +CVE-2026-3974 (A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnera ...) + TODO: check +CVE-2026-3973 (A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects ...) + TODO: check +CVE-2026-3972 (A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this ...) + TODO: check +CVE-2026-3971 (A vulnerability has been found in Tenda i3 1.0.0.6(2204). Affected by ...) + TODO: check +CVE-2026-3970 (A flaw has been found in Tenda i3 1.0.0.6(2204). Affected is the funct ...) + TODO: check +CVE-2026-3969 (A vulnerability was detected in FeMiner wms up to 1.0. This impacts an ...) + TODO: check +CVE-2026-3968 (A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. ...) + TODO: check +CVE-2026-3967 (A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected ...) + TODO: check +CVE-2026-3966 (A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4- ...) + TODO: check +CVE-2026-3965 (A security vulnerability has been detected in whyour qinglong up to 2. ...) + TODO: check +CVE-2026-3964 (A weakness has been identified in OpenAkita up to 1.24.3. This impacts ...) + TODO: check +CVE-2026-3963 (A security flaw has been discovered in perfree go-fastdfs-web up to 1. ...) + TODO: check +CVE-2026-3962 (A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up ...) + TODO: check +CVE-2026-3961 (A vulnerability was determined in zyddnys manga-image-translator up to ...) + TODO: check +CVE-2026-3959 (A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c ...) + TODO: check +CVE-2026-3958 (A vulnerability has been found in Woahai321 ListSync up to 0.6.6. 
This ...) + TODO: check +CVE-2026-3957 (A flaw has been found in xierongwkhd weimai-wetapp up to 5fe9e8225be4f ...) + TODO: check +CVE-2026-3956 (A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8 ...) + TODO: check +CVE-2026-3955 (A security vulnerability has been detected in elecV2P up to 3.8.3. Aff ...) + TODO: check +CVE-2026-3942 (Incorrect security UI in PictureInPicture in Google Chrome prior to 14 ...) + TODO: check +CVE-2026-3941
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 22e1555b by security tracker role at 2026-03-11T20:13:03+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,324 @@ -CVE-2026-3904 [nscd client crash on x86_64 under high nscd load] +CVE-2026-3954 (A weakness has been identified in OpenBMB XAgent 1.0.0. Affected by th ...) + TODO: check +CVE-2026-3951 (A security flaw has been discovered in LockerProject Locker 0.0.0/0.0. ...) + TODO: check +CVE-2026-3950 (A vulnerability was identified in strukturag libheif up to 1.21.2. Thi ...) + TODO: check +CVE-2026-3949 (A vulnerability was determined in strukturag libheif up to 1.21.2. Thi ...) + TODO: check +CVE-2026-3946 (A vulnerability was detected in PHPEMS 11.0. The affected element is a ...) + TODO: check +CVE-2026-3944 (A vulnerability was determined in itsourcecode University Management S ...) + TODO: check +CVE-2026-3943 (A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This af ...) + TODO: check +CVE-2026-3906 (WordPress core is vulnerable to unauthorized access in versions 6.9 th ...) + TODO: check +CVE-2026-3848 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...) + TODO: check +CVE-2026-3496 (The JetBooking plugin for WordPress is vulnerable to SQL Injection via ...) + TODO: check +CVE-2026-3492 (The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2026-3231 (The Checkout Field Editor (Checkout Manager) for WooCommerce plugin fo ...) + TODO: check +CVE-2026-3178 (The Name Directory plugin for WordPress is vulnerable to Stored Cross- ...) + TODO: check +CVE-2026-3013 (Coppermine Photo Gallery in versions 1.6.09 through 1.6.27is vulnerabl ...) + TODO: check +CVE-2026-32234 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-32229 (In JetBrains Hub before 2026.1 possible on sign-in account mismatch wi ...) + TODO: check +CVE-2026-32098 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-32097 (PingPong is a platform for using large language models (LLMs) for teac ...) 
+ TODO: check +CVE-2026-32096 (Plunk is an open-source email platform built on top of AWS SES. Prior ...) + TODO: check +CVE-2026-32095 (Plunk is an open-source email platform built on top of AWS SES. Prior ...) + TODO: check +CVE-2026-32094 (Shescape is a simple shell escape library for JavaScript. Prior to 2.1 ...) + TODO: check +CVE-2026-32063 (OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command inj ...) + TODO: check +CVE-2026-32062 (OpenClaw versions2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-ca ...) + TODO: check +CVE-2026-32061 (OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerab ...) + TODO: check +CVE-2026-32060 (OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerab ...) + TODO: check +CVE-2026-32059 (OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins va ...) + TODO: check +CVE-2026-31979 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...) + TODO: check +CVE-2026-31976 (xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 202 ...) + TODO: check +CVE-2026-31975 (Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude C ...) + TODO: check +CVE-2026-31974 (OpenProject is an open-source, web-based project management software. ...) + TODO: check +CVE-2026-31961 (Quill provides simple mac binary signing and notarization from any pla ...) + TODO: check +CVE-2026-31960 (Quill provides simple mac binary signing and notarization from any pla ...) + TODO: check +CVE-2026-31959 (Quill provides simple mac binary signing and notarization from any pla ...) + TODO: check +CVE-2026-31958 (Tornado is a Python web framework and asynchronous networking library. ...) + TODO: check +CVE-2026-31957 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...) + TODO: check +CVE-2026-31954 (Emlog is an open source website building system. In 2.6.6 and earlier, ...) 
+ TODO: check +CVE-2026-31901 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-31900 (Black is the uncompromising Python code formatter. Black provides a Gi ...) + TODO: check +CVE-2026-31896 (WeGIA is a web manager for charitable institutions. Prior to version 3 ...) + TODO: check +CVE-2026-31895 (WeGIA is a web manager for charitable institutions. Prior to version 3 ...) + TODO: check +CVE-2026-31894 (WeGIA is a web mana
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a4625559 by security tracker role at 2026-03-11T08:13:06+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,371 @@ +CVE-2026-3911 (A flaw was found in Keycloak. An authenticated user with the view-user ...) + TODO: check +CVE-2026-3903 (The Modular DS: Monitor, update, and backup multiple websites plugin f ...) + TODO: check +CVE-2026-3884 (Versions of the package spin.js before 3.0.0 are vulnerable to Cross-s ...) + TODO: check +CVE-2026-3826 (IFTOP developed by WellChoose has a Local File Inclusion vulnerability ...) + TODO: check +CVE-2026-3825 (IFTOP developed by WellChoose has a Reflected Cross-site Scripting vul ...) + TODO: check +CVE-2026-3824 (IFTOP developed by WellChoose has an Open redirect vulnerability, allo ...) + TODO: check +CVE-2026-3534 (The Astra theme for WordPress is vulnerable to Stored Cross-Site Scrip ...) + TODO: check +CVE-2026-3453 (The ProfilePress plugin for WordPress is vulnerable to Insecure Direct ...) + TODO: check +CVE-2026-3222 (The WP Maps plugin for WordPress is vulnerable to time-based blind SQL ...) + TODO: check +CVE-2026-31844 (An authenticated SQL Injection vulnerability (CWE-89) exists in the Ko ...) + TODO: check +CVE-2026-31838 (Istio is an open platform to connect, manage, and secure microservices ...) + TODO: check +CVE-2026-31837 (Istio is an open platform to connect, manage, and secure microservices ...) + TODO: check +CVE-2026-31834 (Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, A ...) + TODO: check +CVE-2026-31833 (Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, An ...) + TODO: check +CVE-2026-31832 (Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A ...) + TODO: check +CVE-2026-31830 (sigstore-ruby is a pure Ruby implementation of the sigstore verify com ...) + TODO: check +CVE-2026-31829 (Flowise is a drag & drop user interface to build a customized large la ...) + TODO: check +CVE-2026-31828 (Parse Server is an open source backend that can be deployed to any inf ...) 
+ TODO: check +CVE-2026-31827 (Alienbin is an anonymous code and text sharing web service. In 1.0.0 a ...) + TODO: check +CVE-2026-31826 (pypdf is a free and open-source pure-python PDF library. Prior to 6.8. ...) + TODO: check +CVE-2026-31825 (Sylius is an Open Source eCommerce Framework on Symfony. Sylius API fi ...) + TODO: check +CVE-2026-31824 (Sylius is an Open Source eCommerce Framework on Symfony. A Time-of-Che ...) + TODO: check +CVE-2026-31823 (Sylius is an Open Source eCommerce Framework on Symfony. An authentica ...) + TODO: check +CVE-2026-31822 (Sylius is an Open Source eCommerce Framework on Symfony. A cross-site ...) + TODO: check +CVE-2026-31821 (Sylius is an Open Source eCommerce Framework on Symfony. The POST /api ...) + TODO: check +CVE-2026-31820 (Sylius is an Open Source eCommerce Framework on Symfony. An authentica ...) + TODO: check +CVE-2026-31819 (Sylius is an Open Source eCommerce Framework on Symfony. CurrencySwitc ...) + TODO: check +CVE-2026-31817 (OliveTin gives access to predefined shell commands from a web interfac ...) + TODO: check +CVE-2026-31815 (Unicorn adds modern reactive component functionality to your Django te ...) + TODO: check +CVE-2026-31812 (Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC ...) + TODO: check +CVE-2026-31809 (SiYuan is a personal knowledge management system. Prior to 3.5.10, SiY ...) + TODO: check +CVE-2026-31808 (file-type detects the file type of a file, stream, or data. Prior to 2 ...) + TODO: check +CVE-2026-31807 (SiYuan is a personal knowledge management system. Prior to 3.5.10, SiY ...) + TODO: check +CVE-2026-31801 (zot is ancontainer image/artifact registry based on the Open Container ...) + TODO: check +CVE-2026-31800 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-30972 (Parse Server is an open source backend that can be deployed to any inf ...) 
+ TODO: check +CVE-2026-30967 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-30966 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-30965 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-30962 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-30954 (LinkAce is a self-hosted archive to collect website links. In 2.1.0 an ...) +
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d250484a by security tracker role at 2026-03-10T20:13:32+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,7 +1,477 @@ -CVE-2026-23240 [tls: Fix race condition in tls_sw_cancel_work_tx()] +CVE-2026-3862 (Cross-site Scripting (XSS) allows an attacker to submit specially craf ...) + TODO: check +CVE-2026-3854 (An improper neutralization of special elements vulnerability was ident ...) + TODO: check +CVE-2026-3847 (Memory safety bugs present in Firefox 148.0.2. Some of these bugs show ...) + TODO: check +CVE-2026-3846 (Same-origin policy bypass in the CSS Parsing and Computation component ...) + TODO: check +CVE-2026-3845 (Heap buffer overflow in the Audio/Video: Playback component in Firefox ...) + TODO: check +CVE-2026-3843 (Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on L ...) + TODO: check +CVE-2026-3582 (An Incorrect Authorization vulnerability was identified in GitHub Ente ...) + TODO: check +CVE-2026-3483 (An exposed dangerous method in Ivanti DSM before version 2026.1.1 allo ...) + TODO: check +CVE-2026-3370 + REJECTED +CVE-2026-3315 (Incorrect Default Permissions, : Execution with Unnecessary Privileges ...) + TODO: check +CVE-2026-3306 (An improper authorization vulnerability was identified in GitHub Enter ...) + TODO: check +CVE-2026-3228 (The NextScripts: Social Networks Auto-Poster plugin for WordPress is v ...) + TODO: check +CVE-2026-31797 (iccDEV provides a set of libraries and tools for working with ICC colo ...) + TODO: check +CVE-2026-31796 (iccDEV provides a set of libraries and tools for working with ICC colo ...) + TODO: check +CVE-2026-31795 (iccDEV provides a set of libraries and tools for working with ICC colo ...) + TODO: check +CVE-2026-31794 (iccDEV provides a set of libraries and tools for working with ICC colo ...) + TODO: check +CVE-2026-31793 (iccDEV provides a set of libraries and tools for working with ICC colo ...) + TODO: check +CVE-2026-31792 (iccDEV provides a set of libraries and tools for working with ICC colo ...) 
+ TODO: check +CVE-2026-30987 (iccDEV provides a set of libraries and tools for working with ICC colo ...) + TODO: check +CVE-2026-30986 (iccDEV provides a set of libraries and tools for working with ICC colo ...) + TODO: check +CVE-2026-30985 (iccDEV provides a set of libraries and tools for working with ICC colo ...) + TODO: check +CVE-2026-30984 (iccDEV provides a set of libraries and tools for working with ICC colo ...) + TODO: check +CVE-2026-30983 (iccDEV provides a set of libraries and tools for working with ICC colo ...) + TODO: check +CVE-2026-30982 (iccDEV provides a set of libraries and tools for working with ICC colo ...) + TODO: check +CVE-2026-30981 (iccDEV provides a set of libraries and tools for working with ICC colo ...) + TODO: check +CVE-2026-30980 (iccDEV provides a set of libraries and tools for working with ICC colo ...) + TODO: check +CVE-2026-30979 (iccDEV provides a set of libraries and tools for working with ICC colo ...) + TODO: check +CVE-2026-30978 (iccDEV provides a set of libraries and tools for working with ICC colo ...) + TODO: check +CVE-2026-30977 (RenderBlocking is a MediaWiki extension that allows interface administ ...) + TODO: check +CVE-2026-30974 (Copyparty is a portable file server. Prior to v1.20.11., the nohtml co ...) + TODO: check +CVE-2026-30973 (Appium is an automation framework that provides WebDriver-based automa ...) + TODO: check +CVE-2026-30970 (Coral Server is open collaboration infrastructure that enables communi ...) + TODO: check +CVE-2026-30969 (Coral Server is open collaboration infrastructure that enables communi ...) + TODO: check +CVE-2026-30968 (Coral Server is open collaboration infrastructure that enables communi ...) + TODO: check +CVE-2026-30964 (web-auth/webauthn-lib is an open source set of PHP libraries and a Sym ...) + TODO: check +CVE-2026-30960 (rssn is a scientific computing library for Rust, combining a high-perf ...) 
+ TODO: check +CVE-2026-30959 (OneUptime is a solution for monitoring and managing online services. T ...) + TODO: check +CVE-2026-30958 (OneUptime is a solution for monitoring and managing online services. P ...) + TODO: check +CVE-2026-30957 (OneUptime is a solution for monitoring and managing online services. P ...) + TODO: check +CVE-2026-30956 (OneUptime is a solution for monitoring and managing online services. P ...) + TODO: check +CVE-2026-30945 (StudioCMS is a server-side-rendered, Astro native, headless content ma ...) + TODO: chec
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a2972a8d by security tracker role at 2026-03-10T08:13:31+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,150 @@ -CVE-2026-3288 +CVE-2026-3585 (The The Events Calendar plugin for WordPress is vulnerable to Path Tra ...) + TODO: check +CVE-2026-31816 (Budibase is a low code platform for creating internal tools, workflows ...) + TODO: check +CVE-2026-31802 (node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, ...) + TODO: check +CVE-2026-30937 (ImageMagick is free and open-source software used for editing and mani ...) + TODO: check +CVE-2026-30936 (ImageMagick is free and open-source software used for editing and mani ...) + TODO: check +CVE-2026-30935 (ImageMagick is free and open-source software used for editing and mani ...) + TODO: check +CVE-2026-30931 (ImageMagick is free and open-source software used for editing and mani ...) + TODO: check +CVE-2026-30929 (ImageMagick is free and open-source software used for editing and mani ...) + TODO: check +CVE-2026-30927 (Admidio is an open-source user management solution. Prior to 5.0.6, in ...) + TODO: check +CVE-2026-30926 (SiYuan is a personal knowledge management system. Prior to 3.5.10, a p ...) + TODO: check +CVE-2026-30925 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-30921 (OneUptime is a solution for monitoring and managing online services. P ...) + TODO: check +CVE-2026-30920 (OneUptime is a solution for monitoring and managing online services. P ...) + TODO: check +CVE-2026-30919 (facileManager is a modular suite of web apps built with the sysadmin i ...) + TODO: check +CVE-2026-30918 (facileManager is a modular suite of web apps built with the sysadmin i ...) + TODO: check +CVE-2026-30917 (Bucket is a MediaWiki extension to store and retrieve structured data ...) + TODO: check +CVE-2026-30916 (Shescape is a simple shell escape library for JavaScript. Prior to 2.1 ...) + TODO: check +CVE-2026-30913 (Flarum is open-source forum software. When the flarum/nicknames extens ...) 
+ TODO: check +CVE-2026-30887 (OneUptime is a solution for monitoring and managing online services. P ...) + TODO: check +CVE-2026-30885 (WWBN AVideo is an open source video platform. Prior to 25.0, the /obje ...) + TODO: check +CVE-2026-30883 (ImageMagick is free and open-source software used for editing and mani ...) + TODO: check +CVE-2026-30870 (PowerSync Service is the server-side component of the PowerSync sync e ...) + TODO: check +CVE-2026-30869 (SiYuan is a personal knowledge management system. Prior to 3.5.10, a p ...) + TODO: check +CVE-2026-30862 (Appsmith is a platform to build admin panels, internal tools, and dash ...) + TODO: check +CVE-2026-30240 (Budibase is a low code platform for creating internal tools, workflows ...) + TODO: check +CVE-2026-2364 (If a legitimate user confirms a self-update prompt or initiate an inst ...) + TODO: check +CVE-2026-29773 (Kubewarden is a policy engine for Kubernetes. Kubewarden cluster opera ...) + TODO: check +CVE-2026-28693 (ImageMagick is free and open-source software used for editing and mani ...) + TODO: check +CVE-2026-28692 (ImageMagick is free and open-source software used for editing and mani ...) + TODO: check +CVE-2026-28691 (ImageMagick is free and open-source software used for editing and mani ...) + TODO: check +CVE-2026-28690 (ImageMagick is free and open-source software used for editing and mani ...) + TODO: check +CVE-2026-28689 (ImageMagick is free and open-source software used for editing and mani ...) + TODO: check +CVE-2026-28688 (ImageMagick is free and open-source software used for editing and mani ...) + TODO: check +CVE-2026-28687 (ImageMagick is free and open-source software used for editing and mani ...) + TODO: check +CVE-2026-28686 (ImageMagick is free and open-source software used for editing and mani ...) + TODO: check +CVE-2026-28513 (Pocket ID is an OIDC provider that allows users to authenticate with t ...) 
+ TODO: check +CVE-2026-28512 (Pocket ID is an OIDC provider that allows users to authenticate with t ...) + TODO: check +CVE-2026-28494 (ImageMagick is free and open-source software used for editing and mani ...) + TODO: check +CVE-2026-28493 (ImageMagick is free and open-source software used for editing and mani ...) + TODO: check +CVE-2026-28433 (Misskey is an open source, federated social media platform. All Misske ...) + TODO: check +CVE-2026-28432 (Misskey is an open source, federated social media platform
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 59f7a656 by security tracker role at 2026-03-09T20:13:12+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,6 +1,162 @@ -CVE-2025-69219 +CVE-2026-3819 (A vulnerability has been found in SourceCodester Resort Reservation Sy ...) + TODO: check +CVE-2026-3818 (A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is ...) + TODO: check +CVE-2026-3817 (A vulnerability was detected in SourceCodester Patients Waiting Area Q ...) + TODO: check +CVE-2026-3816 (A security vulnerability has been detected in OWASP DefectDojo up to 2 ...) + TODO: check +CVE-2026-3815 (A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. Thi ...) + TODO: check +CVE-2026-3814 (A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711 ...) + TODO: check +CVE-2026-3813 (A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb8 ...) + TODO: check +CVE-2026-3812 (A vulnerability was determined in itsourcecode Payroll Management Syst ...) + TODO: check +CVE-2026-3811 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts ...) + TODO: check +CVE-2026-3638 (Improper access control in user and role restore API endpoints in Devo ...) + TODO: check +CVE-2026-3588 (A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2 ...) + TODO: check +CVE-2026-3089 (Actual Sync Server allows authenticated users to upload files through ...) + TODO: check +CVE-2026-3038 (The rtsock_msg_buffer() function serializes routing information into a ...) + TODO: check +CVE-2026-30140 (An incorrect access control vulnerability exists in Tenda W15E V02.03. ...) + TODO: check +CVE-2026-2919 (Malicious scripts could display attacker-controlled web content under ...) + TODO: check +CVE-2026-2261 (Due to a programming error, blocklistd leaks a socket descriptor for e ...) + TODO: check +CVE-2026-29023 (Keygraph Shannon contains a hard-coded API key in its router configura ...) + TODO: check +CVE-2026-25866 (MobaXterm versions prior to 26.1 contain an uncontrolled search path e ...) 
+ TODO: check +CVE-2026-25041 (Budibase is a low code platform for creating internal tools, workflows ...) + TODO: check +CVE-2026-24713 (Improper Input Validation vulnerability in Apache IoTDB. This issue a ...) + TODO: check +CVE-2026-24015 (A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: fro ...) + TODO: check +CVE-2026-21736 (Software installed and run as a non-privileged user may conduct improp ...) + TODO: check +CVE-2026-0846 (A vulnerability in the `filestring()` function of the `nltk.util` modu ...) + TODO: check +CVE-2025-70250 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...) + TODO: check +CVE-2025-70243 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...) + TODO: check +CVE-2025-70238 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...) + TODO: check +CVE-2025-70060 (An issue pertaining to CWE-79: Improper Neutralization of Input During ...) + TODO: check +CVE-2025-70059 (An issue pertaining to CWE-400: Uncontrolled Resource Consumption was ...) + TODO: check +CVE-2025-70050 (An issue pertaining to CWE-312: Cleartext Storage of Sensitive Informa ...) + TODO: check +CVE-2025-70048 (An issue pertaining to CWE-319: Cleartext Transmission of Sensitive In ...) + TODO: check +CVE-2025-70047 (An issue pertaining to CWE-400: Uncontrolled Resource Consumption was ...) + TODO: check +CVE-2025-70046 (An issue pertaining to CWE-829: Inclusion of Functionality from Untrus ...) + TODO: check +CVE-2025-70042 (An issue pertaining to CWE-918: Server-Side Request Forgery was discov ...) + TODO: check +CVE-2025-70040 (An issue pertaining to CWE-532: Insertion of Sensitive Information int ...) + TODO: check +CVE-2025-70039 (An issue pertaining to CWE-78: Improper Neutralization of Special Elem ...) + TODO: check +CVE-2025-70038 (An issue pertaining to CWE-79: Improper Neutralization of Input During ...) 
+ TODO: check +CVE-2025-70037 (An issue pertaining to CWE-601: URL Redirection to Untrusted Site was ...) + TODO: check +CVE-2025-70034 (An issue pertaining to CWE-1333: Inefficient Regular Expression Comple ...) + TODO: check +CVE-2025-70033 (An issue pertaining to CWE-79: Improper Neutralization of Input During ...) + TODO: check +CVE-2025-70032 (An issue pertaining to CWE-601: URL Redirection to Untrusted Site was ...) + TODO: check +CVE-2025-70031 (An issue pertaining to CWE-352: Cross-Site Request Forgery was discove
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5d8f992f by security tracker role at 2026-03-09T08:13:30+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,161 @@ +CVE-2026-3823 (EHG2408 series switch developed by Atop Technologies has a Stack-based ...) + TODO: check +CVE-2026-3822 (Taipower APP developed by Taipower has an Improper Certificate Validat ...) + TODO: check +CVE-2026-3810 (A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This aff ...) + TODO: check +CVE-2026-3809 (A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted elem ...) + TODO: check +CVE-2026-3808 (A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affect ...) + TODO: check +CVE-2026-3807 (A security vulnerability has been detected in Tenda FH1202 1.2.0.14(40 ...) + TODO: check +CVE-2026-3806 (A weakness has been identified in SourceCodester/janobe Resort Reserva ...) + TODO: check +CVE-2026-3804 (A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vu ...) + TODO: check +CVE-2026-3803 (A vulnerability was identified in Tenda i3 1.0.0.6(2204). This affects ...) + TODO: check +CVE-2026-3802 (A vulnerability was determined in Tenda i3 1.0.0.6(2204). Affected by ...) + TODO: check +CVE-2026-3801 (A vulnerability was found in Tenda i3 1.0.0.6(2204). Affected by this ...) + TODO: check +CVE-2026-3800 (A vulnerability has been found in SourceCodester/janobe Resort Reserva ...) + TODO: check +CVE-2026-3799 (A flaw has been found in Tenda i3 1.0.0.6(2204). This impacts the func ...) + TODO: check +CVE-2026-3798 (A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects ...) + TODO: check +CVE-2026-3797 (A security vulnerability has been detected in Tiandy Video Surveillanc ...) + TODO: check +CVE-2026-3796 (A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 202 ...) + TODO: check +CVE-2026-3795 (A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacte ...) + TODO: check +CVE-2026-3794 (A vulnerability was identified in doramart DoraCMS 3.0.x. This issue a ...) 
+ TODO: check +CVE-2026-3793 (A vulnerability was determined in SourceCodester Sales and Inventory S ...) + TODO: check +CVE-2026-3792 (A vulnerability was found in SourceCodester Sales and Inventory System ...) + TODO: check +CVE-2026-3791 (A vulnerability has been found in SourceCodester Sales and Inventory S ...) + TODO: check +CVE-2026-3790 (A flaw has been found in SourceCodester Sales and Inventory System 1.0 ...) + TODO: check +CVE-2026-3789 (A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the ...) + TODO: check +CVE-2026-3788 (A security vulnerability has been detected in Bytedesk up to 1.3.9. Th ...) + TODO: check +CVE-2026-3787 (A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This af ...) + TODO: check +CVE-2026-3786 (A security flaw has been discovered in EasyCMS up to 1.6. The impacted ...) + TODO: check +CVE-2026-3785 (A vulnerability was identified in EasyCMS up to 1.6. The affected elem ...) + TODO: check +CVE-2026-3771 (A vulnerability has been found in SourceCodester/janobe Resort Reserva ...) + TODO: check +CVE-2026-3770 (A flaw has been found in SourceCodester Computer Laboratory Management ...) + TODO: check +CVE-2026-3769 (A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this i ...) + TODO: check +CVE-2026-3768 (A security vulnerability has been detected in Tenda F453 1.0.0.3. Affe ...) + TODO: check +CVE-2026-3767 (A weakness has been identified in itsourcecode sanitize or validate th ...) + TODO: check +CVE-2026-3766 (A security flaw has been discovered in SourceCodester Web-based Pharma ...) + TODO: check +CVE-2026-3765 (A vulnerability was identified in itsourcecode University Management S ...) + TODO: check +CVE-2026-3764 (A vulnerability was determined in SourceCodester Client Database Manag ...) + TODO: check +CVE-2026-3763 (A vulnerability was found in code-projects Simple Flight Ticket Bookin ...) 
+ TODO: check +CVE-2026-3762 (A vulnerability has been found in SourceCodester Client Database Manag ...) + TODO: check +CVE-2026-3761 (A flaw has been found in SourceCodester Client Database Management Sys ...) + TODO: check +CVE-2026-3760 (A vulnerability was detected in itsourcecode University Management Sys ...) + TODO: check +CVE-2026-3759 (A security vulnerability has been detected in projectworlds Online Art ...) + TODO: check +CVE-2026-3758 (A weakness has been identified in projectworlds Online Art Gallery Sho ...) + TODO: check +CVE-2026-3757
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1bb0f824 by security tracker role at 2026-03-08T08:12:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,6 +1,78 @@ -CVE-2026-30910 +CVE-2026-3721 (A weakness has been identified in 1024-lab/lab1024 SmartAdmin up to 3. ...) + TODO: check +CVE-2026-3720 (A security flaw has been discovered in 1024-lab/lab1024 SmartAdmin up ...) + TODO: check +CVE-2026-3719 (A vulnerability was identified in Tsinghua Unigroup Electronic Archive ...) + TODO: check +CVE-2026-3716 (A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This vu ...) + TODO: check +CVE-2026-3715 (A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects ...) + TODO: check +CVE-2026-3714 (A vulnerability has been found in OpenCart 4.0.2.3. Affected by this i ...) + TODO: check +CVE-2026-3713 (A flaw has been found in pnggroup libpng up to 1.6.55. Affected by thi ...) + TODO: check +CVE-2026-3711 (A vulnerability was detected in code-projects Simple Flight Ticket Boo ...) + TODO: check +CVE-2026-3710 (A security vulnerability has been detected in code-projects Simple Fli ...) + TODO: check +CVE-2026-3709 (A weakness has been identified in code-projects Simple Flight Ticket B ...) + TODO: check +CVE-2026-3708 (A security flaw has been discovered in code-projects Simple Flight Tic ...) + TODO: check +CVE-2026-3707 (A vulnerability was identified in MrNanko webp4j up to 1.3.x. The affe ...) + TODO: check +CVE-2026-3706 (A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted ...) + TODO: check +CVE-2026-3705 (A vulnerability was found in code-projects Simple Flight Ticket Bookin ...) + TODO: check +CVE-2026-3704 (A vulnerability has been found in Wavlink NU516U1 251208. This vulnera ...) + TODO: check +CVE-2026-3703 (A flaw has been found in Wavlink NU516U1 251208. This affects the func ...) + TODO: check +CVE-2026-3702 (A vulnerability was detected in SourceCodester Loan Management System ...) + TODO: check +CVE-2026-3701 (A security vulnerability has been detected in H3C Magic B1 up to 100R0 ...) 
+ TODO: check +CVE-2026-3700 (A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. A ...) + TODO: check +CVE-2026-3699 (A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711 ...) + TODO: check +CVE-2026-3698 (A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. T ...) + TODO: check +CVE-2026-3697 (A vulnerability was determined in Planet ICG-2510 1.0_20250811. The im ...) + TODO: check +CVE-2026-3696 (A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The ...) + TODO: check +CVE-2026-3695 (A vulnerability has been found in SourceCodester Modern Image Gallery ...) + TODO: check +CVE-2026-3693 (A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This iss ...) + TODO: check +CVE-2026-3683 (A vulnerability was detected in bufanyun HotGo up to 2.0. This issue a ...) + TODO: check +CVE-2026-3682 (A security vulnerability has been detected in welovemedia FFmate up to ...) + TODO: check +CVE-2026-3681 (A weakness has been identified in welovemedia FFmate up to 2.0.15. Thi ...) + TODO: check +CVE-2026-3680 (A security flaw has been discovered in RyuzakiShinji biome-mcp-server ...) + TODO: check +CVE-2026-3679 (A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by thi ...) + TODO: check +CVE-2026-3678 (A vulnerability was determined in Tenda FH451 1.0.0.9. Affected is the ...) + TODO: check +CVE-2026-3677 (A vulnerability was found in Tenda FH451 1.0.0.9. This impacts the fun ...) + TODO: check +CVE-2026-3675 (A vulnerability was determined in Freedom Factory dGEN1 up to 20260221 ...) + TODO: check +CVE-2026-3674 (A vulnerability was found in Freedom Factory dGEN1 up to 20260221. Aff ...) + TODO: check +CVE-2026-3672 (A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is t ...) + TODO: check +CVE-2026-3671 (A flaw has been found in Freedom Factory dGEN1 up to 20260221. Affecte ...) 
+ TODO: check +CVE-2026-30910 (Crypt::Sodium::XS versions through 0.001000 for Perl has potential int ...) NOT-FOR-US: Crypt::Sodium::XS Perl module -CVE-2026-30909 +CVE-2026-30909 (Crypt::NaCl::Sodium versions through 2.002 for Perl has potential inte ...) - libcrypt-nacl-sodium-perl (bug #1117213) NOTE: https://lists.security.metacpan.org/cve-announce/msg/37735452/ CVE-2026-3670 (A vulnerability was detected in Freedom Factory dGEN1 up to 20260221. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b098721f by security tracker role at 2026-03-07T20:13:13+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,101 @@ +CVE-2026-3670 (A vulnerability was detected in Freedom Factory dGEN1 up to 20260221. ...) + TODO: check +CVE-2026-3669 (A security vulnerability has been detected in Freedom Factory dGEN1 up ...) + TODO: check +CVE-2026-3668 (A weakness has been identified in Freedom Factory dGEN1 up to 20260221 ...) + TODO: check +CVE-2026-3667 (A security flaw has been discovered in Freedom Factory dGEN1 up to 202 ...) + TODO: check +CVE-2026-3665 (A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The ...) + TODO: check +CVE-2026-3664 (A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Imp ...) + TODO: check +CVE-2026-3663 (A vulnerability was found in xlnt-community xlnt up to 1.6.1. This iss ...) + TODO: check +CVE-2026-3662 (A vulnerability has been found in Wavlink WL-NU516U1 240425. This vuln ...) + TODO: check +CVE-2026-3661 (A flaw has been found in Wavlink WL-NU516U1 240425. This affects the f ...) + TODO: check +CVE-2026-30863 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-30861 (WeKnora is an LLM-powered framework designed for deep document underst ...) + TODO: check +CVE-2026-30860 (WeKnora is an LLM-powered framework designed for deep document underst ...) + TODO: check +CVE-2026-30859 (WeKnora is an LLM-powered framework designed for deep document underst ...) + TODO: check +CVE-2026-30858 (WeKnora is an LLM-powered framework designed for deep document underst ...) + TODO: check +CVE-2026-30857 (WeKnora is an LLM-powered framework designed for deep document underst ...) + TODO: check +CVE-2026-30856 (WeKnora is an LLM-powered framework designed for deep document underst ...) + TODO: check +CVE-2026-30855 (WeKnora is an LLM-powered framework designed for deep document underst ...) + TODO: check +CVE-2026-30854 (Parse Server is an open source backend that can be deployed to any inf ...) 
+ TODO: check +CVE-2026-30852 (Caddy is an extensible server platform that uses TLS by default. From ...) + TODO: check +CVE-2026-30851 (Caddy is an extensible server platform that uses TLS by default. From ...) + TODO: check +CVE-2026-30850 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-30848 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-30838 (league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, th ...) + TODO: check +CVE-2026-30834 (PinchTab is a standalone HTTP server that gives AI agents direct contr ...) + TODO: check +CVE-2026-30832 (Soft Serve is a self-hostable Git server for the command line. From ve ...) + TODO: check +CVE-2026-2671 (A vulnerability was detected in Mendi Neurofeedback Headset V4. Affect ...) + TODO: check +CVE-2026-29787 (mcp-memory-service is an open-source memory backend for multi-agent sy ...) + TODO: check +CVE-2026-29786 (node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, ...) + TODO: check +CVE-2026-29784 (Ghost is a Node.js content management system. From version 5.101.6 to ...) + TODO: check +CVE-2026-29781 (Sliver is a command and control framework that uses a custom Wireguard ...) + TODO: check +CVE-2026-29780 (eml_parser serves as a python module for parsing eml files and returni ...) + TODO: check +CVE-2026-29779 (UptimeFlare is a serverless uptime monitoring & status page solution, ...) + TODO: check +CVE-2026-29778 (pyLoad is a free and open-source download manager written in Python. F ...) + TODO: check +CVE-2026-29771 (Netmaker makes networks with WireGuard. Prior to version 1.2.0, the /a ...) + TODO: check +CVE-2026-29196 (Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user ...) + TODO: check +CVE-2026-29195 (Netmaker makes networks with WireGuard. Prior to version 1.5.0, the us ...) + TODO: check +CVE-2026-29194 (Netmaker makes networks with WireGuard. 
Prior to version 1.5.0, the Au ...) + TODO: check +CVE-2026-29193 (ZITADEL is an open source identity management platform. From version 4 ...) + TODO: check +CVE-2026-29192 (ZITADEL is an open source identity management platform. From version 4 ...) + TODO: check +CVE-2026-29191 (ZITADEL is an open source identity management platform. From version 4 ...) + TODO: check +CVE-2026-29190 (Karapace is an open-source implementation of Kafka REST and Schema Reg ...) +
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8a67a281 by security tracker role at 2026-03-07T08:13:08+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,151 @@ +CVE-2026-3352 (The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code I ...) + TODO: check +CVE-2026-3233 + REJECTED +CVE-2026-30842 (Wallos is an open-source, self-hostable personal subscription tracker. ...) + TODO: check +CVE-2026-30841 (Wallos is an open-source, self-hostable personal subscription tracker. ...) + TODO: check +CVE-2026-30840 (Wallos is an open-source, self-hostable personal subscription tracker. ...) + TODO: check +CVE-2026-30839 (Wallos is an open-source, self-hostable personal subscription tracker. ...) + TODO: check +CVE-2026-30835 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-30830 (Defuddle cleans up HTML pages. Prior to version 0.9.0, the _findConten ...) + TODO: check +CVE-2026-30829 (Checkmate is an open-source, self-hosted tool designed to track and mo ...) + TODO: check +CVE-2026-30828 (Wallos is an open-source, self-hostable personal subscription tracker. ...) + TODO: check +CVE-2026-30827 (express-rate-limit is a basic rate-limiting middleware for Express. In ...) + TODO: check +CVE-2026-30825 (hoppscotch is an open source API development ecosystem. Prior to versi ...) + TODO: check +CVE-2026-30824 (Flowise is a drag & drop user interface to build a customized large la ...) + TODO: check +CVE-2026-30823 (Flowise is a drag & drop user interface to build a customized large la ...) + TODO: check +CVE-2026-30822 (Flowise is a drag & drop user interface to build a customized large la ...) + TODO: check +CVE-2026-30821 (Flowise is a drag & drop user interface to build a customized large la ...) + TODO: check +CVE-2026-30820 (Flowise is a drag & drop user interface to build a customized large la ...) + TODO: check +CVE-2026-30247 (WeKnora is an LLM-powered framework designed for deep document underst ...) + TODO: check +CVE-2026-30244 (Plane is an an open-source project management tool. Prior to version 1 ...) 
+ TODO: check +CVE-2026-30242 (Plane is an an open-source project management tool. Prior to version 1 ...) + TODO: check +CVE-2026-30241 (Mercurius is a GraphQL adapter for Fastify. Prior to version 16.8.0, M ...) + TODO: check +CVE-2026-30238 (Group-Office is an enterprise customer relationship management and gro ...) + TODO: check +CVE-2026-30237 (Group-Office is an enterprise customer relationship management and gro ...) + TODO: check +CVE-2026-30233 (OliveTin gives access to predefined shell commands from a web interfac ...) + TODO: check +CVE-2026-30231 (Flare is a Next.js-based, self-hostable file sharing platform that int ...) + TODO: check +CVE-2026-30230 (Flare is a Next.js-based, self-hostable file sharing platform that int ...) + TODO: check +CVE-2026-30229 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-30228 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2026-30227 (MimeKit is a C# library which may be used for the creation and parsing ...) + TODO: check +CVE-2026-30225 (OliveTin gives access to predefined shell commands from a web interfac ...) + TODO: check +CVE-2026-30224 (OliveTin gives access to predefined shell commands from a web interfac ...) + TODO: check +CVE-2026-30223 (OliveTin gives access to predefined shell commands from a web interfac ...) + TODO: check +CVE-2026-2722 (The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Si ...) + TODO: check +CVE-2026-2721 (The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Si ...) + TODO: check +CVE-2026-2494 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...) + TODO: check +CVE-2026-2488 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...) + TODO: check +CVE-2026-2433 (The RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Au ...) 
+ TODO: check +CVE-2026-2431 (The CM Custom Reports plugin for WordPress is vulnerable to Reflected ...) + TODO: check +CVE-2026-2429 (The Community Events plugin for WordPress is vulnerable to SQL Injecti ...) + TODO: check +CVE-2026-2420 (The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2026-2371 (The Greenshift \u2013 animation and page builder blocks plugin for Wor ...) + TODO: check +CVE-2026-2020 (The JS Archive List plugin for WordPress is vulner
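Review bot: The descriptions added for CVE-2026-2494, CVE-2026-2488, CVE-2026-2433 and CVE-2026-2371 contain the literal six-character sequence "\u2013" where the plugin name has a dash (for example "The ProfileGrid \u2013 User Profiles, Groups and Communities plugin"). This looks like an escape from the upstream record that was written out undecoded. Suggest decoding string escapes before the description is truncated and written to data/CVE/list, so the text stays readable and a search on the plugin name as published still matches.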
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
92375c04 by security tracker role at 2026-03-06T20:13:53+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,183 @@
+CVE-2026-3653
+ REJECTED
+CVE-2026-3589 (The WooCommerce WordPress plugin from versions 5.4.0 to 10.5.2
does no ...)
+ TODO: check
+CVE-2026-3419 (Fastify incorrectly accepts malformed `Content-Type` headers
containin ...)
+ TODO: check
+CVE-2026-30847 (Wekan is an open source kanban tool built with Meteor. In
versions 8.3 ...)
+ TODO: check
+CVE-2026-30846 (Wekan is an open source kanban tool built with Meteor. In
versions 8.3 ...)
+ TODO: check
+CVE-2026-30845 (Wekan is an open source kanban tool built with Meteor. In
versions 8.3 ...)
+ TODO: check
+CVE-2026-30844 (Wekan is an open source kanban tool built with Meteor.
Versions 8.32 a ...)
+ TODO: check
+CVE-2026-30843 (Wekan is an open source kanban tool built with Meteor.
Versions 8.32 a ...)
+ TODO: check
+CVE-2026-30833 (Rocket.Chat is an open-source, secure, fully customizable
communicatio ...)
+ TODO: check
+CVE-2026-30831 (Rocket.Chat is an open-source, secure, fully customizable
communicatio ...)
+ TODO: check
+CVE-2026-2754 (Navtor NavBox exposes sensitive configuration and operational
data due ...)
+ TODO: check
+CVE-2026-2753 (An Absolute Path Traversal vulnerability exists in Navtor
NavBox. The ...)
+ TODO: check
+CVE-2026-2752 (Navtor NavBox allows information disclosure via the
/api/ais-data endp ...)
+ TODO: check
+CVE-2026-29783 (The shell tool within GitHub Copilot CLI versions prior to and
includi ...)
+ TODO: check
+CVE-2026-29178 (Lemmy, a link aggregator and forum for the fediverse, is
vulnerable to ...)
+ TODO: check
+CVE-2026-29110 (Cryptomator encrypts data being stored on cloud
infrastructure. Prior ...)
+ TODO: check
+CVE-2026-29091 (Locutus brings stdlibs of other programming languages to
JavaScript fo ...)
+ TODO: check
+CVE-2026-29089 (TimescaleDB is a time-series database for high-performance
real-time a ...)
+ TODO: check
+CVE-2026-29087 (@hono/node-server allows running the Hono application on
Node.js. Prio ...)
+ TODO: check
+CVE-2026-29082 (Kestra is an event-driven orchestration platform. In versions
from 1.1 ...)
+ TODO: check
+CVE-2026-29075 (Mesa is an open-source Python library for agent-based
modeling, simula ...)
+ TODO: check
+CVE-2026-29064 (Zarf is an Airgap Native Packager Manager for Kubernetes. From
version ...)
+ TODO: check
+CVE-2026-29063 (Immutable.js provides many Persistent Immutable data
structures. Prior ...)
+ TODO: check
+CVE-2026-28514 (Rocket.Chat is an open-source, secure, fully customizable
communicatio ...)
+ TODO: check
+CVE-2026-28106 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in K ...)
+ TODO: check
+CVE-2026-28080 (Missing Authorization vulnerability in Rank Math Rank Math SEO
PRO all ...)
+ TODO: check
+CVE-2026-2 (Charging station authentication identifiers are publicly
accessible vi ...)
+ TODO: check
+CVE-2026-27764 (The WebSocket backend uses charging station identifiers to
uniquely as ...)
+ TODO: check
+CVE-2026-27123
+ REJECTED
+CVE-2026-27027 (Charging station authentication identifiers are publicly
accessible vi ...)
+ TODO: check
+CVE-2026-26288 (WebSocket endpoints lack proper authentication mechanisms,
enabling at ...)
+ TODO: check
+CVE-2026-26051 (WebSocket endpoints lack proper authentication mechanisms,
enabling at ...)
+ TODO: check
+CVE-2026-26018 (CoreDNS is a DNS server that chains plugins. Prior to version
1.14.2, ...)
+ TODO: check
+CVE-2026-26017 (CoreDNS is a DNS server that chains plugins. Prior to version
1.14.2, ...)
+ TODO: check
+CVE-2026-24696 (The WebSocket Application Programming Interface lacks
restrictions on ...)
+ TODO: check
+CVE-2026-23925 (An authenticated Zabbix user (User role) with template/host
write perm ...)
+ TODO: check
+CVE-2026-20882 (The WebSocket Application Programming Interface lacks
restrictions on ...)
+ TODO: check
+CVE-2026-20748 (The WebSocket backend uses charging station identifiers to
uniquely as ...)
+ TODO: check
+CVE-2026-1799
+ REJECTED
+CVE-2026-1468 (QuickCMS is vulnerable to Cross-Site Request Forgery across
multiple e ...)
+ TODO: check
+CVE-2025-70363 (Incorrect access control in the REST API of Ibexa & Ciril
GROUP eZ Pla ...)
+ TODO: check
+CVE-2025-69654 (A crafted JavaScript input executed with the QuickJS release
2025-09-1 ...)
+ TODO: check
+CVE-2025-69653 (A crafted JavaScript input can trigger an internal assertion
failure i ...)
+ TODO: che
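Review bot: the added line "+CVE-2026-2 (Charging station authentication identifiers are publicly accessible vi ...)" carries an identifier that is not a complete CVE ID; every other entry in this hunk has a four- or five-digit sequence number. It sits between CVE-2026-28080 and CVE-2026-27764, and its description matches the one on CVE-2026-27027, so the ID was probably cut short upstream or during import. Correct the identifier from the CVE record before the entry is triaged, otherwise the TODO will be resolved against a record that does not exist.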
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
495e3d3f by security tracker role at 2026-03-06T08:12:53+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,341 @@
+CVE-2026-3616 (A vulnerability was detected in DefaultFuction Jeson Customer
Relation ...)
+ TODO: check
+CVE-2026-3613 (A vulnerability was identified in Wavlink WL-NU516U1 V240425.
This vul ...)
+ TODO: check
+CVE-2026-3612 (A vulnerability was determined in Wavlink WL-NU516U1 V240425.
This aff ...)
+ TODO: check
+CVE-2026-3610 (A vulnerability was found in HSC Cybersecurity Mailinspector up
to 5.3 ...)
+ TODO: check
+CVE-2026-3606 (A vulnerability has been found in Ettercap 0.8.4-Garofalo.
Affected by ...)
+ TODO: check
+CVE-2026-2830 (The WP All Import \u2013 Drag & Drop Import for CSV, XML, Excel
& Goog ...)
+ TODO: check
+CVE-2026-2593 (The Greenshift \u2013 animation and page builder blocks plugin
for Wor ...)
+ TODO: check
+CVE-2026-2589 (The Greenshift \u2013 animation and page builder blocks plugin
for Wor ...)
+ TODO: check
+CVE-2026-2446 (The PowerPack for LearnDash WordPress plugin before 1.3.0 does
not hav ...)
+ TODO: check
+CVE-2026-2331 (An attacker may perform unauthenticated read and write
operations on s ...)
+ TODO: check
+CVE-2026-2330 (An attacker may access restricted filesystem areas on the
device via t ...)
+ TODO: check
+CVE-2026-29613 (OpenClaw versions prior to 2026.2.12 contain a vulnerability
in the Bl ...)
+ TODO: check
+CVE-2026-29612 (OpenClaw versions prior to 2026.2.14 decode base64-backed
media inputs ...)
+ TODO: check
+CVE-2026-29611 (OpenClaw versions prior to 2026.2.14 contain a local file
inclusion vu ...)
+ TODO: check
+CVE-2026-29610 (OpenClaw versions prior to 2026.2.14 contain a command
hijacking vulne ...)
+ TODO: check
+CVE-2026-29609 (OpenClaw versions prior to 2026.2.14 contain a denial of
service vulne ...)
+ TODO: check
+CVE-2026-29606 (OpenClaw versions prior to 2026.2.14 contain a webhook
signature-verif ...)
+ TODO: check
+CVE-2026-29188 (File Browser provides a file managing interface within a
specified dir ...)
+ TODO: check
+CVE-2026-29183 (SiYuan is a personal knowledge management system. Prior to
version 3.5 ...)
+ TODO: check
+CVE-2026-29093 (WWBN AVideo is an open source video platform. Prior to version
24.0, t ...)
+ TODO: check
+CVE-2026-29084 (Gokapi is a self-hosted file sharing server with automatic
expiration ...)
+ TODO: check
+CVE-2026-29081 (Frappe is a full-stack web application framework. Prior to
versions 14 ...)
+ TODO: check
+CVE-2026-29077 (Frappe is a full-stack web application framework. Prior to
versions 15 ...)
+ TODO: check
+CVE-2026-29074 (SVGO, short for SVG Optimizer, is a Node.js library and
command-line a ...)
+ TODO: check
+CVE-2026-29073 (SiYuan is a personal knowledge management system. Prior to
version 3.6 ...)
+ TODO: check
+CVE-2026-29068 (PJSIP is a free and open source multimedia communication
library writt ...)
+ TODO: check
+CVE-2026-29065 (changedetection.io is a free open source web page change
detection too ...)
+ TODO: check
+CVE-2026-29062 (jackson-core contains core low-level incremental ("streaming")
parser ...)
+ TODO: check
+CVE-2026-29061 (Gokapi is a self-hosted file sharing server with automatic
expiration ...)
+ TODO: check
+CVE-2026-29060 (Gokapi is a self-hosted file sharing server with automatic
expiration ...)
+ TODO: check
+CVE-2026-29059 (Windmill is an open-source developer platform for internal
code: APIs, ...)
+ TODO: check
+CVE-2026-29058 (AVideo is a video-sharing Platform software. Prior to version
7.0, an ...)
+ TODO: check
+CVE-2026-29049 (melange allows users to build apk packages using declarative
pipelines ...)
+ TODO: check
+CVE-2026-29048 (HumHub is an Open Source Enterprise Social Network. In version
1.18.0, ...)
+ TODO: check
+CVE-2026-29046 (TinyWeb is a web server (HTTP, HTTPS) written in Delphi for
Win32. Pri ...)
+ TODO: check
+CVE-2026-29042 (Nuclio is a "Serverless" framework for Real-Time Events and
Data Proce ...)
+ TODO: check
+CVE-2026-29041 (Chamilo is a learning management system. Prior to version
1.11.34, Cha ...)
+ TODO: check
+CVE-2026-29039 (changedetection.io is a free open source web page change
detection too ...)
+ TODO: check
+CVE-2026-29038 (changedetection.io is a free open source web page change
detection too ...)
+ TODO: check
+CVE-2026-28804 (pypdf is a free and open-source pure-python PDF library. Prior
to vers ...)
+ TODO: check
+CVE-2026-28802 (Authlib is a Python library which builds OAuth and OpenID
Connect serv ...)
+
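Review bot: the descriptions on CVE-2026-2830, CVE-2026-2593 and CVE-2026-2589 contain the literal six-character escape \u2013 where the plugin name has a dash ("WP All Import \u2013 Drag & Drop Import", "Greenshift \u2013 animation and page builder blocks"). The import step should decode JSON string escapes before writing the description, so that a search on the product name as published matches these entries.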
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d431c210 by security tracker role at 2026-03-05T20:13:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,161 @@
+CVE-2026-3598 (Use of a Broken or Risky Cryptographic Algorithm vulnerability
in rust ...)
+ TODO: check
+CVE-2026-3459 (The Drag and Drop Multiple File Upload - Contact Form 7 plugin
for Wor ...)
+ TODO: check
+CVE-2026-3236 (In affected versions of Octopus Server it was possible to
create a new ...)
+ TODO: check
+CVE-2026-3047 (A flaw was found in org.keycloak.broker.saml. When a disabled
Security ...)
+ TODO: check
+CVE-2026-3009 (A security flaw in the IdentityBrokerService.performLogin
endpoint of ...)
+ TODO: check
+CVE-2026-30798 (Insufficient Verification of Data Authenticity, Improper
Handling of E ...)
+ TODO: check
+CVE-2026-30797 (Missing Authorization vulnerability in rustdesk-client
RustDesk Client ...)
+ TODO: check
+CVE-2026-30796 (Cleartext Transmission of Sensitive Information vulnerability
in rustd ...)
+ TODO: check
+CVE-2026-30795 (Cleartext Transmission of Sensitive Information vulnerability
in rustd ...)
+ TODO: check
+CVE-2026-30794 (Improper Certificate Validation vulnerability in
rustdesk-client RustD ...)
+ TODO: check
+CVE-2026-30793 (Cross-Site Request Forgery (CSRF) vulnerability in
rustdesk-client Rus ...)
+ TODO: check
+CVE-2026-30792 (A vulnerability in rustdesk-client RustDesk Client
rustdesk-client on ...)
+ TODO: check
+CVE-2026-30791 (Use of a Broken or Risky Cryptographic Algorithm vulnerability
in rust ...)
+ TODO: check
+CVE-2026-30790 (Improper Restriction of Excessive Authentication Attempts, Use
of Pass ...)
+ TODO: check
+CVE-2026-30789 (Authentication Bypass by Capture-replay, Use of Password Hash
With Ins ...)
+ TODO: check
+CVE-2026-30785 (Improperly Controlled Modification of Object Prototype
Attributes ('Pr ...)
+ TODO: check
+CVE-2026-30784 (Missing Authorization, Missing Authentication for Critical
Function vu ...)
+ TODO: check
+CVE-2026-30783 (A vulnerability in rustdesk-client RustDesk Client
rustdesk-client on ...)
+ TODO: check
+CVE-2026-2599 (The Database for Contact Form 7, WPforms, Elementor forms
plugin for W ...)
+ TODO: check
+CVE-2026-29054 (Traefik is an HTTP reverse proxy and load balancer. From
version 2.11. ...)
+ TODO: check
+CVE-2026-28790 (OliveTin gives access to predefined shell commands from a web
interfac ...)
+ TODO: check
+CVE-2026-28789 (OliveTin gives access to predefined shell commands from a web
interfac ...)
+ TODO: check
+CVE-2026-28551 (Race condition vulnerability in the device security management
module. ...)
+ TODO: check
+CVE-2026-28549 (Race condition vulnerability in the permission management
service.Impa ...)
+ TODO: check
+CVE-2026-28548 (Vulnerability of improper verification in the email
application.Impact ...)
+ TODO: check
+CVE-2026-28547 (Vulnerability of uninitialized pointer access in the scanning
module.I ...)
+ TODO: check
+CVE-2026-28546 (Buffer overflow vulnerability in the scanning module.Impact:
Successfu ...)
+ TODO: check
+CVE-2026-28542 (Permission bypass vulnerability in the system service
framework.Impact ...)
+ TODO: check
+CVE-2026-28353 (Trivy Vulnerability Scanner is a VS Code extension that helps
find vul ...)
+ TODO: check
+CVE-2026-28350 (lxml_html_clean is a project for HTML cleaning functionalities
copied ...)
+ TODO: check
+CVE-2026-28348 (lxml_html_clean is a project for HTML cleaning functionalities
copied ...)
+ TODO: check
+CVE-2026-28343 (CKEditor 5 is a modern JavaScript rich-text editor with an MVC
archite ...)
+ TODO: check
+CVE-2026-28342 (OliveTin gives access to predefined shell commands from a web
interfac ...)
+ TODO: check
+CVE-2026-28287 (FreePBX is an open source IP PBX. From versions 16.0.17.2 to
before 16 ...)
+ TODO: check
+CVE-2026-28284 (FreePBX is an open source IP PBX. Prior to versions 16.0.10
and 17.0.5 ...)
+ TODO: check
+CVE-2026-28277 (LangGraph SQLite Checkpoint is an implementation of LangGraph
Checkpoi ...)
+ TODO: check
+CVE-2026-28223 (Wagtail is an open source content management system built on
Django. P ...)
+ TODO: check
+CVE-2026-28222 (Wagtail is an open source content management system built on
Django. P ...)
+ TODO: check
+CVE-2026-28210 (FreePBX is an open source IP PBX. Prior to versions 16.0.49
and 17.0.7 ...)
+ TODO: check
+CVE-2026-28209 (FreePBX is an open source IP PBX. From versions 16.0.17.2 to
before 16 ...)
+ TODO: check
+CVE-2026-27944 (Nginx UI is a web user interface for the Nginx web server.
Prior to ve ...)
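Review bot: the entries CVE-2026-28542, CVE-2026-28546, CVE-2026-28547, CVE-2026-28548, CVE-2026-28549 and CVE-2026-28551 name only a component ("the scanning module", "the permission management service", "the email application") and no product or vendor in the part of the description kept here. When the TODO is resolved, put the product name on the NOT-FOR-US line or in a NOTE, since the list entry alone does not say what is affected.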
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
73767e0b by security tracker role at 2026-03-05T08:13:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,27 +1,687 @@
+CVE-2026-3523 (The Apocalypse Meow plugin for WordPress is vulnerable to SQL
Injectio ...)
+ TODO: check
+CVE-2026-3072 (The Media Library Assistant plugin for WordPress is vulnerable
to unau ...)
+ TODO: check
+CVE-2026-3034 (The OoohBoi Steroids for Elementor plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2026-30777 (EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor
authentic ...)
+ TODO: check
+CVE-2026-2899 (The Fluent Forms Pro Add On Pack plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2026-2893 (The Page and Post Clone plugin for WordPress is vulnerable to
SQL Inje ...)
+ TODO: check
+CVE-2026-2836 (A cache poisoning vulnerability has been found in the Pingora
HTTP pro ...)
+ TODO: check
+CVE-2026-2835 (An HTTP Request Smuggling vulnerability (CWE-444) has been
found in Pi ...)
+ TODO: check
+CVE-2026-2833 (An HTTP request smuggling vulnerability (CWE-444) was found in
Pingora ...)
+ TODO: check
+CVE-2026-2743 (Arbitrary File Write via Path Traversal upload to Remote Code
Executio ...)
+ TODO: check
+CVE-2026-2418 (The Login with Salesforce WordPress plugin through 1.0.2 does
not vali ...)
+ TODO: check
+CVE-2026-2365 (The Fluent Forms Pro plugin for WordPress is vulnerable to
Stored Cros ...)
+ TODO: check
+CVE-2026-2297 (The import hook in CPython that handles legacy *.pyc files
(Sourceless ...)
+ TODO: check
+CVE-2026-29128 (IDC SFX2100 Satellite Receiver firmware ships with multiple
daemon con ...)
+ TODO: check
+CVE-2026-29127 (The IDC SFX2100 Satellite Receiver sets overly permissive file
system ...)
+ TODO: check
+CVE-2026-29126 (Incorrect permission assignment (world-writable file) in
/etc/udhcpc/d ...)
+ TODO: check
+CVE-2026-29125 (IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file
to be w ...)
+ TODO: check
+CVE-2026-29124 (Multiple SUID root-owned binaries are found in
/home/monitor/terminal, ...)
+ TODO: check
+CVE-2026-29123 (A SUID root-owned binary in /home/xd/terminal/XDTerminalin
Internation ...)
+ TODO: check
+CVE-2026-29122 (International Data Casting (IDC) SFX2100 satellite receiver
comes with ...)
+ TODO: check
+CVE-2026-29121 (International Data Casting (IDC) SFX2100 satellite receiver
comes with ...)
+ TODO: check
+CVE-2026-29086 (Hono is a Web application framework that provides support for
any Java ...)
+ TODO: check
+CVE-2026-29085 (Hono is a Web application framework that provides support for
any Java ...)
+ TODO: check
+CVE-2026-29053 (Ghost is a Node.js content management system. From version
0.7.2 to 6. ...)
+ TODO: check
+CVE-2026-29052 (The Calendar module for HumHub enables users to create
one-time or rec ...)
+ TODO: check
+CVE-2026-29045 (Hono is a Web application framework that provides support for
any Java ...)
+ TODO: check
+CVE-2026-29000 (pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an
authent ...)
+ TODO: check
+CVE-2026-28552 (Out-of-bounds write vulnerability in the IMS module.Impact:
Successful ...)
+ TODO: check
+CVE-2026-28550 (Race condition vulnerability in the security control
module.Impact: Su ...)
+ TODO: check
+CVE-2026-28545 (Race condition vulnerability in the printing module.Impact:
Successful ...)
+ TODO: check
+CVE-2026-28544 (Race condition vulnerability in the printing module.Impact:
Successful ...)
+ TODO: check
+CVE-2026-28543 (Race condition vulnerability in the maintenance and
diagnostics module ...)
+ TODO: check
+CVE-2026-28541 (Permission control vulnerability in the cellular_data
module.Impact: S ...)
+ TODO: check
+CVE-2026-28540 (Out-of-bounds character read vulnerability in
Bluetooth.Impact: Succes ...)
+ TODO: check
+CVE-2026-28539 (Data processing vulnerability in the certificate management
module.Imp ...)
+ TODO: check
+CVE-2026-28538 (Path traversal vulnerability in the certificate management
module.Impa ...)
+ TODO: check
+CVE-2026-28537 (Double free vulnerability in the window module.Impact:
Successful expl ...)
+ TODO: check
+CVE-2026-28536 (Authentication bypass vulnerability in the device
authentication modul ...)
+ TODO: check
+CVE-2026-28137 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-28135 (Inclusion of Functionality from Untrusted Control Sphere
vulnerability ...)
+ TODO: check
+CVE-2026-28134 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+
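Review bot: CVE-2026-2297 (the CPython import hook for legacy *.pyc files) is added as TODO: check alongside WordPress plugin and device-firmware entries, but CPython is packaged in Debian, so it is the entry in this hunk that most clearly needs package lines rather than NOT-FOR-US. Suggest triaging it first and recording the affected source packages with a NOTE pointing to the upstream fix.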
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
df64ae9d by security tracker role at 2026-03-04T20:13:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,30 +1,326 @@ -CVE-2026-23238 [romfs: check sb_set_blocksize() return value] +CVE-2026-3545 (Insufficient data validation in Navigation in Google Chrome prior to 1 ...) + TODO: check +CVE-2026-3544 (Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632 ...) + TODO: check +CVE-2026-3543 (Inappropriate implementation in V8 in Google Chrome prior to 145.0.763 ...) + TODO: check +CVE-2026-3542 (Inappropriate implementation in WebAssembly in Google Chrome prior to ...) + TODO: check +CVE-2026-3541 (Inappropriate implementation in CSS in Google Chrome prior to 145.0.76 ...) + TODO: check +CVE-2026-3540 (Inappropriate implementation in WebAudio in Google Chrome prior to 145 ...) + TODO: check +CVE-2026-3539 (Object lifecycle issue in DevTools in Google Chrome prior to 145.0.763 ...) + TODO: check +CVE-2026-3538 (Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allo ...) + TODO: check +CVE-2026-3537 (Object lifecycle issue in PowerVR in Google Chrome on Android prior to ...) + TODO: check +CVE-2026-3536 (Integer overflow in ANGLE in Google Chrome prior to 145.0.7632.159 all ...) + TODO: check +CVE-2026-3520 (Multer is a node.js middleware for handling `multipart/form-data`. A v ...) + TODO: check +CVE-2026-3439 (A post-authentication Stack-based Buffer Overflow vulnerability in Son ...) + TODO: check +CVE-2026-3125 (A Server-Side Request Forgery (SSRF) vulnerability was identified in t ...) + TODO: check +CVE-2026-3103 (A logic error in the remove_password() function in Checkmk GmbH's Chec ...) + TODO: check +CVE-2026-3094 (Delta Electronics CNCSoft-G2lacks proper validation of the user-suppli ...) + TODO: check +CVE-2026-3058 (The Seraphinite Accelerator plugin for WordPress is vulnerable to Sens ...) + TODO: check +CVE-2026-3056 (The Seraphinite Accelerator plugin for WordPress is vulnerable to unau ...) + TODO: check +CVE-2026-2748 (SEPPmail Secure Email Gateway before version 15.0.1 improperly validat ...) 
+ TODO: check +CVE-2026-2747 (SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PG ...) + TODO: check +CVE-2026-2746 (SEPPmail Secure Email Gateway before version 15.0.1 does not properly ...) + TODO: check +CVE-2026-2355 (The My Calendar \u2013 Accessible Event Manager plugin for WordPress i ...) + TODO: check +CVE-2026-29120 (The /root/anaconda-ks.cfg installation configuration file in Internati ...) + TODO: check +CVE-2026-29119 (International Datacasting Corporation (IDC) SFX Series SuperFlex(SFX21 ...) + TODO: check +CVE-2026-29069 (Craft is a content management system (CMS). Prior to 5.9.0-beta.2 and ...) + TODO: check +CVE-2026-28784 (Craft is a content management system (CMS). Prior to 5.8.22 and 4.16.1 ...) + TODO: check +CVE-2026-28783 (Craft is a content management system (CMS). Prior to 5.9.0-beta.1 and ...) + TODO: check +CVE-2026-28782 (Craft is a content management system (CMS). Prior to 5.9.0-beta.1 and ...) + TODO: check +CVE-2026-28781 (Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and ...) + TODO: check +CVE-2026-28697 (Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and ...) + TODO: check +CVE-2026-28696 (Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and ...) + TODO: check +CVE-2026-28695 (Craft is a content management system (CMS). There is an authenticated ...) + TODO: check +CVE-2026-28435 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...) + TODO: check +CVE-2026-28434 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...) + TODO: check +CVE-2026-28427 (OpenDeck is Linux software for your Elgato Stream Deck. Prior to 2.8.1 ...) + TODO: check +CVE-2026-27446 (Missing Authentication for Critical Function (CWE-306) vulnerability i ...) + TODO: check +CVE-2026-27445 (SEPPmail Secure Email Gateway before version 15.0.1 does not properly ...) 
+ TODO: check +CVE-2026-27444 (SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interp ...) + TODO: check +CVE-2026-27443 (SEPPmail Secure Email Gateway before version 15.0.1 does not properly ...) + TODO: check +CVE-2026-27442 (The GINA web interface in SEPPmail Secure Email Gateway before version ...) + TODO: check +CVE-2026-27441 (SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neu ...) + TODO: check +CVE-2026-26949 (Dell Device Management Agent
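Review bot: CVE-2026-3536 through CVE-2026-3545 are ten Google Chrome entries, and those whose version is not cut off give the same fixed release, 145.0.7632.159. They can be resolved as one group against the chromium package with a single fixed version instead of ten separate TODO: check items. Separately, the hunk opens by removing "CVE-2026-23238 [romfs: check sb_set_blocksize() return value]" from the top of the file; the part of the patch shown here ends before any line re-adds it, so confirm the entry is still present further down.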
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1a51de08 by security tracker role at 2026-03-04T08:13:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,139 @@ +CVE-2026-3487 (A vulnerability was found in itsourcecode College Management System 1. ...) + TODO: check +CVE-2026-3486 (A vulnerability has been found in itsourcecode College Management Syst ...) + TODO: check +CVE-2026-3485 (A flaw has been found in D-Link DIR-868L 110b03. This affects the func ...) + TODO: check +CVE-2026-3452 (Concrete CMS below version 9.4.8 is vulnerable toRemote Code Execution ...) + TODO: check +CVE-2026-3266 (Missing Authorization vulnerability in OpenText\u2122 Filr allows Auth ...) + TODO: check +CVE-2026-3244 (In Concrete CMS below version 9.4.8, A stored cross-site scripting (XS ...) + TODO: check +CVE-2026-3242 (In Concrete CMS below version 9.4.8, a rogue administrator can add sto ...) + TODO: check +CVE-2026-3241 (In Concrete CMS below version 9.4.8, astored cross-site scripting (XSS ...) + TODO: check +CVE-2026-3240 (In Concrete CMS below version 9.4.8, auser with permission to edit a p ...) + TODO: check +CVE-2026-3224 (Authentication bypass in the Microsoft Entra ID (Azure AD) authenticat ...) + TODO: check +CVE-2026-3204 (Improper input validation in the error message page in Devolutions Se ...) + TODO: check +CVE-2026-3130 (Improper Enforcement of Behavioral Controls inDevolutions Server 2025. ...) + TODO: check +CVE-2026-3076 + REJECTED +CVE-2026-2994 (Concrete CMS below version 9.4.8 is subject toCSRF by a Rogue Administ ...) + TODO: check +CVE-2026-2732 (The Enable Media Replace plugin for WordPress is vulnerable to unautho ...) + TODO: check +CVE-2026-2590 (Improper enforcement of the Disable password saving in vaults setting ...) + TODO: check +CVE-2026-2363 (The WP-Members Membership Plugin plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2026-2292 (The Morkva UA Shipping plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2026-2289 (The Taskbuilder plugin for WordPress is vulnerable to Stored Cross-Sit ...) 
+ TODO: check +CVE-2026-2025 (The Mail Mint WordPress plugin before 1.19.5 does not have authorizat ...) + TODO: check +CVE-2026-28778 (International Datacasting Corporation (IDC) SFX Series SuperFlex Satel ...) + TODO: check +CVE-2026-28777 (International Datacasting Corporation (IDC) SFX2100 Satellite Receiv ...) + TODO: check +CVE-2026-28776 (International Datacasting Corporation (IDC) SFX Series SuperFlex Satel ...) + TODO: check +CVE-2026-28775 (An unauthenticated Remote Code Execution (RCE) vulnerability exists in ...) + TODO: check +CVE-2026-28774 (An OS Command Injection vulnerability exists in the web-based Tracerou ...) + TODO: check +CVE-2026-28773 (The web-based Ping diagnostic utility (/IDC_Ping/main.cgi) in Internat ...) + TODO: check +CVE-2026-28772 (A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Loggi ...) + TODO: check +CVE-2026-28771 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /in ...) + TODO: check +CVE-2026-28770 (Improper neutralization of special elements in the /IDC_Logging/checki ...) + TODO: check +CVE-2026-28769 (A path traversal vulnerability exists in the /IDC_Logging/checkifdone. ...) + TODO: check +CVE-2026-28289 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...) + TODO: check +CVE-2026-27981 (HomeBox is a home inventory and organization system. Prior to 0.24.0, ...) + TODO: check +CVE-2026-27971 (Qwik is a performance focused javascript framework. qwik <=1.19.0 is v ...) + TODO: check +CVE-2026-27932 (joserfc is a Python library that provides an implementation of several ...) + TODO: check +CVE-2026-27905 (BentoML is a Python library for building online serving systems optimi ...) + TODO: check +CVE-2026-27622 (OpenEXR provides the specification and reference implementation of the ...) + TODO: check +CVE-2026-27601 (Underscore.js is a utility-belt library for JavaScript. Prior to 1.13. ...) 
+ TODO: check +CVE-2026-27600 (HomeBox is a home inventory and organization system. Prior to 0.24.0-r ...) + TODO: check +CVE-2026-27012 (OpenSTAManager is an open source management software for technical ass ...) + TODO: check +CVE-2026-26279 (Froxlor is open source server administration software. Prior to 2.3.4, ...) + TODO: check +CVE-2026-26272 (HomeBox is a home inventory and organization system. Prior to 0.24.0-r ...) + TODO: check +CVE-2026-26266 (AliasVault is a privacy-first password manager with built-
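Review bot: several descriptions in this hunk have lost the space between words: "vulnerable toRemote Code Execution" (CVE-2026-3452), "astored cross-site scripting" (CVE-2026-3241), "auser with permission" (CVE-2026-3240), "inDevolutions Server" (CVE-2026-3130) and "subject toCSRF" (CVE-2026-2994); CVE-2026-3266 also carries the literal escape \u2122. If the source record separates these words with a non-breaking space or a line break, the import should map it to a plain space, and it should decode escapes, so that word-based searches of the list keep working.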
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f5d8c6e5 by security tracker role at 2026-03-03T20:14:05+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,10 +1,150 @@ -CVE-2026-25674 +CVE-2026-3494 (In MariaDB server version through 11.8.5, when server audit plugin is ...) + TODO: check +CVE-2026-3484 (A vulnerability was detected in PhialsBasement nmap-mcp-server up to b ...) + TODO: check +CVE-2026-3465 (A vulnerability was determined in Tuya App and SDK 24.07.11 on Android ...) + TODO: check +CVE-2026-3463 (A weakness has been identified in xlnt-community xlnt up to 1.6.1. Imp ...) + TODO: check +CVE-2026-3437 (An Improper Restriction of Operations within the Bounds of a Memory Bu ...) + TODO: check +CVE-2026-3351 (Improper authorization in the API endpoint GET /1.0/certificates in Ca ...) + TODO: check +CVE-2026-3344 (A vulnerability in WatchGuard Fireware OS may allow an attacker to byp ...) + TODO: check +CVE-2026-3343 (A reflected cross-site scripting (XSS) vulnerability in the Fireware O ...) + TODO: check +CVE-2026-3342 (An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may all ...) + TODO: check +CVE-2026-3136 (An improper authorizationvulnerability in GitHub Trigger Comment Contr ...) + TODO: check +CVE-2026-2915 (HP System Event Utility might allow denial of service with elevated ar ...) + TODO: check +CVE-2026-2637 (iBoysoft NTFS for Mac contains a local privilege escalation vulnerabil ...) + TODO: check +CVE-2026-2606 (IBM webMethods API Gateway (on-prem) 10.11 through 10.11_Fix3210.15 to ...) + TODO: check +CVE-2026-2568 (The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and ...) + TODO: check +CVE-2026-29022 (dr_libs version 0.14.4 and earlier (fixed in commit 8a7258c) contain a ...) + TODO: check +CVE-2026-28518 (OpenViking versions 0.2.1 and prior, fixed in commit46b3e76, contain a ...) + TODO: check +CVE-2026-26892 (Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnera ...) + TODO: check +CVE-2026-26891 (Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnera ...) 
+ TODO: check +CVE-2026-26890 (Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL ...) + TODO: check +CVE-2026-26889 (Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL ...) + TODO: check +CVE-2026-26888 (Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL ...) + TODO: check +CVE-2026-26887 (Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL ...) + TODO: check +CVE-2026-26886 (Sourcecodester Online Men's Salon Management System v1.0 is vulnerable ...) + TODO: check +CVE-2026-26885 (Sourcecodester Online Men's Salon Management System v1.0 is vulnerable ...) + TODO: check +CVE-2026-26884 (Sourcecodester Online Men's Salon Management System v1.0 is vulnerable ...) + TODO: check +CVE-2026-26883 (Sourcecodester Online Men's Salon Management System v1.0 is vulnerable ...) + TODO: check +CVE-2026-24103 (A buffer overflow vulnerability was discovered in goform/formSetMacFil ...) + TODO: check +CVE-2026-22891 (A heap-based buffer overflow vulnerability exists in the Intan CLP par ...) + TODO: check +CVE-2026-22886 (OpenMQ exposes a TCP-based management service (imqbrokerd) that by def ...) + TODO: check +CVE-2026-20777 (A heap-based buffer overflow vulnerability exists in the Nicolet WFT p ...) + TODO: check +CVE-2026-1265 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnera ...) + TODO: check +CVE-2026-0540 (DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit ...) + TODO: check +CVE-2025-70821 (renren-secuity before v5.5.0 is vulnerable to SQL Injection in the Bas ...) + TODO: check +CVE-2025-70236 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...) + TODO: check +CVE-2025-69765 (Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIp ...) + TODO: check +CVE-2025-67840 (Multiple authenticated OS command injection vulnerabilities exist in t ...) 
+ TODO: check +CVE-2025-66945 (A path traversal vulnerability exists in the ZIP extraction API of Zdi ...) + TODO: check +CVE-2025-66680 (An issue in the WiseDelfile64.sys component of WiseCleaner Wise Force ...) + TODO: check +CVE-2025-66363 (An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200 ...) + TODO: check +CVE-2025-64736 (An out-of-bounds read vulnerability exists in the ABF parsing function ...) + TODO: check +CVE-2025-63912 (Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was dis
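Review bot: the first line of the hunk deletes the bare entry "CVE-2026-25674" from the top of the file, and none of the lines shown here add it back. The old range is 10 lines and the new one 150, so it has presumably moved below the new block; check that it is still in the file and did not lose any annotation lines it had.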
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2148c859 by security tracker role at 2026-03-03T08:13:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,49 @@
+CVE-2026-3455 (Versions of the package mailparser before 3.9.3 are vulnerable
to Cros ...)
+ TODO: check
+CVE-2026-3449 (Versions of the package @tootallnate/once before 3.0.1 are
vulnerable ...)
+ TODO: check
+CVE-2026-3338 (Improper signature validation in PKCS7_verify() in AWS-LC
allows an un ...)
+ TODO: check
+CVE-2026-3337 (Observable timing discrepancy in AES-CCM decryption in AWS-LC
allows a ...)
+ TODO: check
+CVE-2026-3336 (Improper certificate validation in PKCS7_verify() in AWS-LC
allows an ...)
+ TODO: check
+CVE-2026-2628 (The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login
plugin fo ...)
+ TODO: check
+CVE-2026-2583 (The Blocksy theme for WordPress is vulnerable to Stored
Cross-Site Scr ...)
+ TODO: check
+CVE-2026-2448 (The Page Builder by SiteOrigin plugin for WordPress is
vulnerable to L ...)
+ TODO: check
+CVE-2026-2269 (The Uncanny Automator \u2013 Easy Automation, Integration,
Webhooks & ...)
+ TODO: check
+CVE-2026-2256 (A command injection vulnerability in ModelScope's ms-agent
versions v1 ...)
+ TODO: check
+CVE-2026-20801 (Cleartext Transmission of Sensitive Information (CWE-319) ina
componen ...)
+ TODO: check
+CVE-2026-20757 (Improper Lockingvulnerability (CWE-667) inGallagher Morpho
integration ...)
+ TODO: check
+CVE-2026-1876 (Improper Resource Shutdown or Release vulnerability in
Mitsubishi Elec ...)
+ TODO: check
+CVE-2026-1875 (Improper Resource Shutdown or Release vulnerability in
Mitsubishi Elec ...)
+ TODO: check
+CVE-2026-1874 (Always-Incorrect Control Flow Implementation vulnerability in
Mitsubis ...)
+ TODO: check
+CVE-2026-1566 (The LatePoint \u2013 Calendar Booking Plugin for Appointments
and Even ...)
+ TODO: check
+CVE-2026-1492 (The User Registration & Membership \u2013 Custom Registration
Form Bui ...)
+ TODO: check
+CVE-2026-1487 (The LatePoint \u2013 Calendar Booking Plugin for Appointments
and Even ...)
+ TODO: check
+CVE-2026-1336 (The AI ChatBot with ChatGPT and Content Generator by AYS plugin
for Wo ...)
+ TODO: check
+CVE-2026-0754 (An embedded test key and certificate could be extracted from a
Poly Vo ...)
+ TODO: check
+CVE-2025-47147 (Cleartext Storage of Sensitive Information (CWE-312) in the
Command Ce ...)
+ TODO: check
+CVE-2025-15595 (Privilege escalation via dll hijacking in Inno Setup 6.2.1 and
ealier ...)
+ TODO: check
+CVE-2025-12345 (A security vulnerability has been detected in LLM-Claw
0.1.0/0.1.1/0.1 ...)
+ TODO: check
CVE-2026-3442
- binutils (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2443828
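Review bot: The added description lines for CVE-2026-2269, CVE-2026-1566, CVE-2026-1492 and CVE-2026-1487 carry a literal `\u2013` inside the product name, so the escape sequence is written to data/CVE/list as six ASCII characters rather than as a dash. The update job should decode the escape, or transliterate it to `-`, before truncating and writing the description; as it stands the product names are harder to read and to grep for during triage.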
@@ -31306,7 +31352,7 @@ CVE-2025-11009 (Cleartext Storage of Sensitive
Information vulnerability in Mits
CVE-2025-0852
REJECTED
CVE-2025-14180 (In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30,
8.3.* before ...)
- {DSA-6088-1}
+ {DSA-6154-1 DSA-6088-1}
- php8.4 8.4.16-1 (bug #1123574)
- php8.2
- php7.4 (Vulnerable code introduced later)
@@ -31314,7 +31360,7 @@ CVE-2025-14180 (In PHP versions 8.1.* before 8.1.34,
8.2.* before 8.2.30, 8.3.*
NOTE: Fixed by:
https://github.com/php/php-src/commit/d521259e44288146aa3dc692bdf234cf45a4bd86
(php-8.4.16)
NOTE: Introduced by:
https://github.com/php/php-src/commit/d521259e44288146aa3dc692bdf234cf45a4bd86
(php-8.1.0RC1)
CVE-2025-14178 (In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30,
8.3.* before ...)
- {DSA-6088-1 DLA-4447-1}
+ {DSA-6154-1 DSA-6088-1 DLA-4447-1}
- php8.4 8.4.16-1 (bug #1123574)
- php8.2
- php7.4
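Review bot: In the leading context for CVE-2025-14180, `NOTE: Fixed by:` and `NOTE: Introduced by:` cite the same php-src commit, d521259e44288146aa3dc692bdf234cf45a4bd86, once tagged (php-8.4.16) and once tagged (php-8.1.0RC1). One commit cannot be both the introducing and the fixing change, so one of the two URLs is wrong. This update only touches the DSA cross-reference and will not correct it, so the note needs a manual follow-up; the CVE-2025-14178 entry cites two different commits, as expected.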
@@ -31322,7 +31368,7 @@ CVE-2025-14178 (In PHP versions:8.1.* before 8.1.34,
8.2.* before 8.2.30, 8.3.*
NOTE: Fixed by:
https://github.com/php/php-src/commit/e6d7d34c1ae46281993036189e3bcb6528911ce8
(php-8.4.16)
NOTE: Introduced by:
https://github.com/php/php-src/commit/a08723d3d313445191470c19e12235a56165600a
(php-7.2.0RC1)
CVE-2025-14177 (In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30,
8.3.* before ...)
- {DSA-6088-1}
+ {DSA-6154-1 DSA-6088-1}
- php8.4 8.4.16-1 (bug #1123574)
- php8.2
- php7.4 (Vulnerable code introduced later)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2148c859f6a08c057db3c1d6839ecc1ca2638287
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4bddd0c7 by security tracker role at 2026-03-02T20:13:08+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,395 @@ +CVE-2026-3432 (On SimStudio version below to 0.5.74, the `/api/auth/oauth/token` endp ...) + TODO: check +CVE-2026-3431 (On SimStudio version below to 0.5.74, the MongoDB tool endpoints accep ...) + TODO: check +CVE-2026-3180 (The Contest Gallery \u2013 Upload & Vote Photos, Media, Sell with PayP ...) + TODO: check +CVE-2026-3132 (The Master Addons for Elementor Premium plugin for WordPress is vulner ...) + TODO: check +CVE-2026-2584 (A critical SQL Injection (SQLi) vulnerability has been identified in t ...) + TODO: check +CVE-2026-28412 (Textream is a free macOS teleprompter app. Prior to version 1.5.1, the ...) + TODO: check +CVE-2026-28403 (Textream is a free macOS teleprompter app. Prior to version 1.5.1, the ...) + TODO: check +CVE-2026-28401 (NocoDB is software for building databases as spreadsheets. Prior to ve ...) + TODO: check +CVE-2026-28399 (NocoDB is software for building databases as spreadsheets. Prior to ve ...) + TODO: check +CVE-2026-28398 (NocoDB is software for building databases as spreadsheets. Prior to ve ...) + TODO: check +CVE-2026-28397 (NocoDB is software for building databases as spreadsheets. Prior to ve ...) + TODO: check +CVE-2026-28396 (NocoDB is software for building databases as spreadsheets. Prior to ve ...) + TODO: check +CVE-2026-28361 (NocoDB is software for building databases as spreadsheets. Prior to ve ...) + TODO: check +CVE-2026-28360 (NocoDB is software for building databases as spreadsheets. Prior to ve ...) + TODO: check +CVE-2026-28359 (NocoDB is software for building databases as spreadsheets. Prior to ve ...) + TODO: check +CVE-2026-28358 (NocoDB is software for building databases as spreadsheets. Prior to ve ...) + TODO: check +CVE-2026-28357 (NocoDB is software for building databases as spreadsheets. Prior to ve ...) + TODO: check +CVE-2026-28286 (ZimaOS is a fork of CasaOS, an operating system for Zima devices and x ...) 
+ TODO: check +CVE-2026-27631 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...) + TODO: check +CVE-2026-27596 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...) + TODO: check +CVE-2026-26720 (An issue in Twenty CRM v1.15.0 and before allows a remote attacker to ...) + TODO: check +CVE-2026-26713 (code-projects Simple Food Order System v1.0 is vulnerable to SQL Injec ...) + TODO: check +CVE-2026-26712 (code-projects Simple Food Order System v1.0 is vulnerable to SQL Injec ...) + TODO: check +CVE-2026-26711 (code-projects Simple Food Order System v1.0 is vulnerable to SQL Injec ...) + TODO: check +CVE-2026-26710 (code-projects Simple Food Order System v1.0 is vulnerable to SQL Injec ...) + TODO: check +CVE-2026-26709 (code-projects Simple Gym Management System v1.0 is vulnerable to SQL I ...) + TODO: check +CVE-2026-26708 (sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL ...) + TODO: check +CVE-2026-26707 (sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL ...) + TODO: check +CVE-2026-26706 (sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL ...) + TODO: check +CVE-2026-26705 (sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL ...) + TODO: check +CVE-2026-26704 (sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL ...) + TODO: check +CVE-2026-26703 (sourcecodester Personnel Property Equipment System v1.0 is vulnerable ...) + TODO: check +CVE-2026-26702 (sourcecodester Personnel Property Equipment System v1.0 is vulnerable ...) + TODO: check +CVE-2026-26701 (sourcecodester Personnel Property Equipment System v1.0 is vulnerable ...) + TODO: check +CVE-2026-26700 (sourcecodester Personnel Property Equipment System v1.0 is vulnerable ...) + TODO: check +CVE-2026-26699 (sourcecodester Personnel Property Equipment System v1.0 is vulnerable ...) 
+ TODO: check +CVE-2026-26698 (code-projects Simple Student Alumni System v1.0 is vulnerable to SQL I ...) + TODO: check +CVE-2026-26697 (code-projects Simple Student Alumni System v1.0 is vulnerable to SQL I ...) + TODO: check +CVE-2026-26696 (code-projects Simple Student Alumni System v1.0 is vulnerable to SQL I ...) + TODO: check +CVE-2026-26695 (code-projects Simple Student Alumni System v1.0 is vulnerable to SQL I ...) + TODO: check +CVE-2026-26694 (code-projects Simple Student Alumni System v1.0 is vulnerale to SQL In ...)
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6849f9e0 by security tracker role at 2026-03-02T08:12:52+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,43 @@ +CVE-2026-3422 (U-Office Force developed by e-Excellence has a Insecure Deserializatio ...) + TODO: check +CVE-2026-3413 (A flaw has been found in itsourcecode University Management System 1.0 ...) + TODO: check +CVE-2026-3412 (A vulnerability was detected in itsourcecode University Management Sys ...) + TODO: check +CVE-2026-3411 (A security vulnerability has been detected in itsourcecode University ...) + TODO: check +CVE-2026-3410 (A weakness has been identified in itsourcecode Society Management Syst ...) + TODO: check +CVE-2026-3409 (A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affe ...) + TODO: check +CVE-2026-3408 (A vulnerability was identified in Open Babel up to 3.1.1. This impacts ...) + TODO: check +CVE-2026-3407 (A vulnerability was determined in YosysHQ yosys up to 0.62. This affec ...) + TODO: check +CVE-2026-3406 (A vulnerability was found in projectworlds Online Art Gallery Shop 1.0 ...) + TODO: check +CVE-2026-3405 (A vulnerability has been found in thinkgem JeeSite up to 5.15.1. The a ...) + TODO: check +CVE-2026-3404 (A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an ...) + TODO: check +CVE-2026-3403 (A vulnerability was detected in PHPGurukul Student Record Management S ...) + TODO: check +CVE-2026-3402 (A security vulnerability has been detected in PHPGurukul Student Recor ...) + TODO: check +CVE-2026-3401 (A weakness has been identified in SourceCodester Web-based Pharmacy Pr ...) + TODO: check +CVE-2026-3400 (A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. A ...) + TODO: check +CVE-2026-3399 (A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this ...) + TODO: check +CVE-2026-3398 (A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the ...) + TODO: check +CVE-2026-3000 (IDExpert Windows Logon Agent developed by Changing has a Remote Code E ...) 
+ TODO: check +CVE-2026-2999 (IDExpert Windows Logon Agent developed by Changing has a Remote Code E ...) + TODO: check +CVE-2025-15597 (A vulnerability has been found in Dataease SQLBot up to 1.4.0. This af ...) + TODO: check CVE-2026-3395 (A flaw has been found in MaxSite CMS up to 109.1. This impacts the fun ...) NOT-FOR-US: MaxSite CMS CVE-2026-3394 (A vulnerability was detected in jarikomppa soloud up to 20200207. This ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6849f9e0af1b1d458e380666ddf70a7a60d4703e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6849f9e0af1b1d458e380666ddf70a7a60d4703e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e8cd9d02 by security tracker role at 2026-03-01T20:13:39+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,27 @@
+CVE-2026-3395 (A flaw has been found in MaxSite CMS up to 109.1. This impacts
the fun ...)
+ TODO: check
+CVE-2026-3394 (A vulnerability was detected in jarikomppa soloud up to
20200207. This ...)
+ TODO: check
+CVE-2026-3393 (A security vulnerability has been detected in jarikomppa soloud
up to ...)
+ TODO: check
+CVE-2026-3392 (A weakness has been identified in FascinatedBox lily up to 2.3.
The af ...)
+ TODO: check
+CVE-2026-3391 (A security flaw has been discovered in FascinatedBox lily up to
2.3. I ...)
+ TODO: check
+CVE-2026-3390 (A vulnerability was identified in FascinatedBox lily up to 2.3.
This i ...)
+ TODO: check
+CVE-2026-3389 (A vulnerability was determined in Squirrel up to 3.2. This
vulnerabili ...)
+ TODO: check
+CVE-2026-3388 (A vulnerability was found in Squirrel up to 3.2. This affects
the func ...)
+ TODO: check
+CVE-2026-3387 (A vulnerability has been found in wren-lang wren up to 0.4.0.
Affected ...)
+ TODO: check
+CVE-2026-3386 (A flaw has been found in wren-lang wren up to 0.4.0. Affected
by this ...)
+ TODO: check
+CVE-2026-3385 (A vulnerability was detected in wren-lang wren up to 0.4.0.
Affected i ...)
+ TODO: check
+CVE-2026-3384 (A security vulnerability has been detected in ChaiScript up to
6.1.0. ...)
+ TODO: check
CVE-2026-3383 (A weakness has been identified in ChaiScript up to 6.1.0. This
affects ...)
NOT-FOR-US: ChaiScript
CVE-2026-3382 (A security flaw has been discovered in ChaiScript up to 6.1.0.
The imp ...)
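Review bot: CVE-2026-3384 is added with `TODO: check` although the trailing context already triages CVE-2026-3383, the same product (ChaiScript up to 6.1.0), as `NOT-FOR-US: ChaiScript`. Whoever clears the TODO should give CVE-2026-3384 the same triage so the two entries do not diverge. The three wren-lang wren entries, the three FascinatedBox lily entries and the two Squirrel entries in this hunk are likewise best triaged per product rather than one by one.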
@@ -15685,13 +15709,13 @@ CVE-2023-32719
CVE-2023-32718
REJECTED
CVE-2026-23954 (Incus is a system container and virtual machine manager.
Versions 6.21 ...)
- {DSA-6109-1}
+ {DSA-6153-1 DSA-6109-1}
- incus 6.0.5-8
- lxd
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-7f67-crqm-jgh7
NOTE:
https://github.com/canonical/lxd/commit/9a80e47b358e56fb2c9f7abad61b1d0ac654b6fa
(lxd-5.0.6)
CVE-2026-23953 (Incus is a system container and virtual machine manager. In
versions 6 ...)
- {DSA-6109-1}
+ {DSA-6153-1 DSA-6109-1}
- incus 6.0.5-8
- lxd
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-x6jc-phwx-hp32
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8cd9d028a24e4b6a4f6e74f11c33e3bee3c7e6d
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dea35c02 by security tracker role at 2026-03-01T08:12:57+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,35 @@ +CVE-2026-3383 (A weakness has been identified in ChaiScript up to 6.1.0. This affects ...) + TODO: check +CVE-2026-3382 (A security flaw has been discovered in ChaiScript up to 6.1.0. The imp ...) + TODO: check +CVE-2026-3380 (A vulnerability was found in Tenda F453 1.0.0.3. This issue affects th ...) + TODO: check +CVE-2026-3379 (A vulnerability has been found in Tenda F453 1.0.0.3. This vulnerabili ...) + TODO: check +CVE-2026-3378 (A flaw has been found in Tenda F453 1.0.0.3. This affects the function ...) + TODO: check +CVE-2026-3377 (A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this i ...) + TODO: check +CVE-2026-3376 (A security vulnerability has been detected in Tenda F453 1.0.0.3. Affe ...) + TODO: check +CVE-2026-28562 (wpForo 2.4.14 contains an unauthenticated SQL injection vulnerability ...) + TODO: check +CVE-2026-28561 (wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerabili ...) + TODO: check +CVE-2026-28560 (wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerabili ...) + TODO: check +CVE-2026-28559 (wpForo Forum 2.4.14 contains an information disclosure vulnerability t ...) + TODO: check +CVE-2026-28558 (wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerabili ...) + TODO: check +CVE-2026-28557 (wpForo Forum 2.4.14 contains a missing capability check vulnerability ...) + TODO: check +CVE-2026-28556 (wpForo Forum 2.4.14 contains a missing authorization vulnerability tha ...) + TODO: check +CVE-2026-28555 (wpForo Forum 2.4.14 contains a missing authorization vulnerability tha ...) + TODO: check +CVE-2026-28554 (wpForo Forum 2.4.14 contains a missing authorization vulnerability tha ...) + TODO: check CVE-2026-3010 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) NOT-FOR-US: Microchip CVE-2026-2844 (Missing Authentication for Critical Function vulnerability in Microchi ...) 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dea35c02d55d90d88514624d3f7fb2249e07f8d7
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c7746d36 by security tracker role at 2026-02-28T20:13:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,7 @@
+CVE-2026-3010 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2026-2844 (Missing Authentication for Critical Function vulnerability in
Microchi ...)
+ TODO: check
CVE-2026-2647
REJECTED
CVE-2026-2471 (The WP Mail Logging plugin for WordPress is vulnerable to PHP
Object I ...)
@@ -1598,7 +1602,7 @@ CVE-2024-48928 (Piwigo is an open source photo gallery
application for the web.
CVE-2024-1524 (When the "Silent Just-In-Time Provisioning" feature is enabled
for a f ...)
NOT-FOR-US: WSO2
CVE-2026-2793 (Memory safety bugs present in Firefox ESR 115.32, Firefox ESR
140.7, T ...)
- {DSA-6148-1}
+ {DSA-6152-1 DSA-6148-1 DLA-4495-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- thunderbird 1:140.8.0esr-1
@@ -1606,7 +1610,7 @@ CVE-2026-2793 (Memory safety bugs present in Firefox ESR
115.32, Firefox ESR 140
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2793
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2793
CVE-2026-2792 (Memory safety bugs present in Firefox ESR 140.7, Thunderbird
ESR 140.7 ...)
- {DSA-6148-1}
+ {DSA-6152-1 DSA-6148-1 DLA-4495-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- thunderbird 1:140.8.0esr-1
@@ -1617,7 +1621,7 @@ CVE-2026-2807 (Memory safety bugs present in Firefox 147
and Thunderbird 147. So
- firefox 148.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2807
CVE-2026-2791 (Mitigation bypass in the Networking: Cache component. This
vulnerabili ...)
- {DSA-6148-1}
+ {DSA-6152-1 DSA-6148-1 DLA-4495-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- thunderbird 1:140.8.0esr-1
@@ -1625,7 +1629,7 @@ CVE-2026-2791 (Mitigation bypass in the Networking: Cache
component. This vulner
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2791
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2791
CVE-2026-2790 (Same-origin policy bypass in the Networking: JAR component.
This vulne ...)
- {DSA-6148-1}
+ {DSA-6152-1 DSA-6148-1 DLA-4495-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- thunderbird 1:140.8.0esr-1
@@ -1636,7 +1640,7 @@ CVE-2026-2806 (Uninitialized memory in the Graphics: Text
component. This vulner
- firefox 148.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2806
CVE-2026-2789 (Use-after-free in the Graphics: ImageLib component. This
vulnerability ...)
- {DSA-6148-1}
+ {DSA-6152-1 DSA-6148-1 DLA-4495-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- thunderbird 1:140.8.0esr-1
@@ -1644,7 +1648,7 @@ CVE-2026-2789 (Use-after-free in the Graphics: ImageLib
component. This vulnerab
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2789
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2789
CVE-2026-2788 (Incorrect boundary conditions in the Audio/Video: GMP
component. This ...)
- {DSA-6148-1}
+ {DSA-6152-1 DSA-6148-1 DLA-4495-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- thunderbird 1:140.8.0esr-1
@@ -1652,7 +1656,7 @@ CVE-2026-2788 (Incorrect boundary conditions in the
Audio/Video: GMP component.
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2788
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2788
CVE-2026-2787 (Use-after-free in the DOM: Window and Location component. This
vulnera ...)
- {DSA-6148-1}
+ {DSA-6152-1 DSA-6148-1 DLA-4495-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- thunderbird 1:140.8.0esr-1
@@ -1663,7 +1667,7 @@ CVE-2026-2805 (Invalid pointer in the DOM: Core & HTML
component. This vulnerabi
- firefox 148.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2805
CVE-2026-2786 (Use-after-free in the JavaScript Engine component. This
vulnerability ...)
- {DSA-6148-1}
+ {DSA-6152-1 DSA-6148-1 DLA-4495-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- thunderbird 1:140.8.0esr-1
@@ -1674,7 +1678,7 @@ CVE-2026-2804 (Use-after-free in the JavaScript:
WebAssembly component. This vul
- firefox 148.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2804
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e02ca329 by security tracker role at 2026-02-28T08:13:01+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,14 +1,90 @@ -CVE-2026-28418 +CVE-2026-2647 + REJECTED +CVE-2026-2471 (The WP Mail Logging plugin for WordPress is vulnerable to PHP Object I ...) + TODO: check +CVE-2026-28517 (openDCIM version 23.04, through commit 4467e9c4, contains an OS comman ...) + TODO: check +CVE-2026-28516 (openDCIM version 23.04, through commit 4467e9c4, contains a SQL inject ...) + TODO: check +CVE-2026-28515 (openDCIM version 23.04, through commit 4467e9c4, contains a missing au ...) + TODO: check +CVE-2026-28426 (Statmatic is a Laravel and Git powered content management system (CMS) ...) + TODO: check +CVE-2026-28425 (Statmatic is a Laravel and Git powered content management system (CMS) ...) + TODO: check +CVE-2026-28424 (Statmatic is a Laravel and Git powered content management system (CMS) ...) + TODO: check +CVE-2026-28423 (Statmatic is a Laravel and Git powered content management system (CMS) ...) + TODO: check +CVE-2026-28422 (Vim is an open source, command line text editor. Prior to version 9.2. ...) + TODO: check +CVE-2026-28421 (Vim is an open source, command line text editor. Versions prior to 9.2 ...) + TODO: check +CVE-2026-28420 (Vim is an open source, command line text editor. Prior to version 9.2. ...) + TODO: check +CVE-2026-28419 (Vim is an open source, command line text editor. Prior to version 9.2. ...) + TODO: check +CVE-2026-28416 (Gradio is an open-source Python package designed for quick prototyping ...) + TODO: check +CVE-2026-28415 (Gradio is an open-source Python package designed for quick prototyping ...) + TODO: check +CVE-2026-28414 (Gradio is an open-source Python package designed for quick prototyping ...) + TODO: check +CVE-2026-28411 (WeGIA is a web manager for charitable institutions. Prior to version 3 ...) + TODO: check +CVE-2026-28409 (WeGIA is a web manager for charitable institutions. Prior to version 3 ...) + TODO: check +CVE-2026-28408 (WeGIA is a web manager for charitable institutions. Prior to version 3 ...) 
+ TODO: check +CVE-2026-28407 (malcontent is software for discovering supply-chain compromises throug ...) + TODO: check +CVE-2026-28406 (kaniko is a tool to build container images from a Dockerfile, inside a ...) + TODO: check +CVE-2026-28402 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of ...) + TODO: check +CVE-2026-28400 (Docker Model Runner (DMR) is software used to manage, run, and deploy ...) + TODO: check +CVE-2026-28355 (Canarytokens help track activity and actions on a network. Versions pr ...) + TODO: check +CVE-2026-28352 (Indico is an event management system that uses Flask-Multipass, a mult ...) + TODO: check +CVE-2026-28351 (pypdf is a free and open-source pure-python PDF library. Prior to vers ...) + TODO: check +CVE-2026-28338 (PMD is an extensible multilanguage static code analyzer. Prior to vers ...) + TODO: check +CVE-2026-28288 (Dify is an open-source LLM app development platform. Prior to 1.9.0, r ...) + TODO: check +CVE-2026-28272 (Kiteworks is a private data network (PDN). Prior to version 9.2.0, a v ...) + TODO: check +CVE-2026-28271 (Kiteworks is a private data network (PDN). Prior to version 9.2.0, a v ...) + TODO: check +CVE-2026-28270 (Kiteworks is a private data network (PDN). Prior to version 9.2.0, a v ...) + TODO: check +CVE-2026-28268 (Vikunja is an open-source self-hosted task management platform. Versio ...) + TODO: check +CVE-2026-28231 (pillow_heif is a Python library for working with HEIF images and plugi ...) + TODO: check +CVE-2026-27939 (Statmatic is a Laravel and Git powered content management system (CMS) ...) + TODO: check +CVE-2026-27759 (Featured Image from Content (featured-image-from-content) WordPress pl ...) + TODO: check +CVE-2026-27167 (Gradio is an open-source Python package designed for quick prototyping ...) + TODO: check +CVE-2026-1542 (The Super Stage WP WordPress plugin through 1.0.1 unserializes user in ...) 
+ TODO: check +CVE-2025-13673 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...) + TODO: check +CVE-2026-28418 (Vim is an open source, command line text editor. Prior to version 9.2. ...) - vim NOTE: https://github.com/vim/vim/security/advisories/GHSA-h4mf-vg97-hj8j NOTE: Fixed by: https://github.com/vim/vim/commit/f6a7f469a9c0d09e84cd6cb46c3a9e76f684da2d (v9.2.0074) -CVE-2026-28417 +CVE-2026-28417 (Vim is an open source, command line text editor.
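Review bot: CVE-2026-28419 through CVE-2026-28422 are added as `TODO: check` while CVE-2026-28418, in the same hunk and with a Vim description of the same form, is already tracked with a `- vim` package line, its GHSA advisory and its fixing commit. The four new Vim entries need the same `- vim` triage with their own advisory and fix references rather than being left in the TODO queue next to an entry that is already resolved to the package.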
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7f87a354 by security tracker role at 2026-02-27T20:14:03+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,161 @@ +CVE-2026-3327 (Authenticated Iframe Injection in Dato CMS Web Previews plugin. This v ...) + TODO: check +CVE-2026-3304 (Multer is a node.js middleware for handling `multipart/form-data`. A v ...) + TODO: check +CVE-2026-3277 (The OpenID Connect (OIDC) authentication configuration in PowerShell ...) + TODO: check +CVE-2026-3223 (Arbitrary file write & potential privilege escalation exploiting zip s ...) + TODO: check +CVE-2026-2880 (A vulnerability in @fastify/middie versions < 9.2.0 can result in auth ...) + TODO: check +CVE-2026-2831 (The MailArchiver plugin for WordPress is vulnerable to SQL Injection v ...) + TODO: check +CVE-2026-2751 (Blind SQL Injection via unsanitized array keys in Service Dependencies ...) + TODO: check +CVE-2026-2750 (Improper Input Validation vulnerability in Centreon Centreon Open Tick ...) + TODO: check +CVE-2026-2749 (Vulnerability in Centreon Centreon Open Tickets on Central Server on L ...) + TODO: check +CVE-2026-2383 (The Simple Download Monitor plugin for WordPress is vulnerable to Stor ...) + TODO: check +CVE-2026-2362 (The WP Accessibility plugin for WordPress is vulnerable to Stored DOM- ...) + TODO: check +CVE-2026-2359 (Multer is a node.js middleware for handling `multipart/form-data`. A v ...) + TODO: check +CVE-2026-2293 (A NestJS application using @nestjs/platform-fastify can allow bypass o ...) + TODO: check +CVE-2026-2252 (An XML External Entity (XXE) vulnerability allows malicious user to pe ...) + TODO: check +CVE-2026-2251 (Improper limitation of a pathname to a restricted directory (Path Trav ...) + TODO: check +CVE-2026-28354 (ClipBucket v5 is an open source video sharing platform. Prior to versi ...) + TODO: check +CVE-2026-27947 (Group-Office is an enterprise customer relationship management and gro ...) + TODO: check +CVE-2026-27836 (phpMyFAQ is an open source FAQ web application. Prior to version 4.0.1 ...) 
+ TODO: check +CVE-2026-27832 (Group-Office is an enterprise customer relationship management and gro ...) + TODO: check +CVE-2026-27824 (calibre is a cross-platform e-book manager for viewing, converting, ed ...) + TODO: check +CVE-2026-27810 (calibre is a cross-platform e-book manager for viewing, converting, ed ...) + TODO: check +CVE-2026-27793 (Seerr is an open-source media request and discovery manager for Jellyf ...) + TODO: check +CVE-2026-27792 (Seerr is an open-source media request and discovery manager for Jellyf ...) + TODO: check +CVE-2026-27758 (SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a c ...) + TODO: check +CVE-2026-27757 (SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an ...) + TODO: check +CVE-2026-27756 (SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a r ...) + TODO: check +CVE-2026-27755 (SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a w ...) + TODO: check +CVE-2026-27754 (SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cry ...) + TODO: check +CVE-2026-27753 (SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an ...) + TODO: check +CVE-2026-27752 (SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit au ...) + TODO: check +CVE-2026-27751 (SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a d ...) + TODO: check +CVE-2026-27734 (Beszel is a server monitoring platform. Prior to version 0.18.2, the h ...) + TODO: check +CVE-2026-27707 (Seerr is an open-source media request and discovery manager for Jellyf ...) + TODO: check +CVE-2026-27583 + REJECTED +CVE-2026-27582 + REJECTED +CVE-2026-27581 + REJECTED +CVE-2026-27580 + REJECTED +CVE-2026-27573 + REJECTED +CVE-2026-27501 + REJECTED +CVE-2026-27500 + REJECTED +CVE-2026-27201 + REJECTED +CVE-2026-27200 + REJECTED +CVE-2026-26997 (ClipBucket v5 is an open source video sharing platform. Prior to versi ...) 
+ TODO: check +CVE-2026-26862 (CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-base ...) + TODO: check +CVE-2026-26861 (CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-Si ...) + TODO: check +CVE-2026-25147 (OpenEMR is a free and open source electronic health records and medica ...) + TODO: check +CVE-2026-24488 (OpenEMR is a free and open source electronic health records and medica ...) + TODO: check +CVE-2026-24352 (PluXml CMS allows
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1d5c1c9f by security tracker role at 2026-02-27T08:13:25+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,14 +1,266 @@ +CVE-2026-3302 (A weakness has been identified in SourceCodester Doctor Appointment Sy ...) + TODO: check +CVE-2026-3301 (A security flaw has been discovered in Totolink N300RH 6.1c.1353_B2019 ...) + TODO: check +CVE-2026-3293 (A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0 ...) + TODO: check +CVE-2026-3292 (A security vulnerability has been detected in jizhiCMS up to 2.5.6. Af ...) + TODO: check +CVE-2026-3289 (A weakness has been identified in Sanluan PublicCMS 6.202506.d. This i ...) + TODO: check +CVE-2026-3287 (A security flaw has been discovered in youlaitech youlai-mall 2.0.0. T ...) + TODO: check +CVE-2026-3286 (A vulnerability was identified in itwanger paicoding 1.0.0/1.0.1/1.0.2 ...) + TODO: check +CVE-2026-3285 (A vulnerability was determined in berry-lang berry up to 1.1.0. The af ...) + TODO: check +CVE-2026-3284 (A vulnerability was found in libvips 8.19.0. Impacted is the function ...) + TODO: check +CVE-2026-3283 (A vulnerability has been found in libvips 8.19.0. This issue affects t ...) + TODO: check +CVE-2026-3282 (A flaw has been found in libvips 8.19.0. This vulnerability affects th ...) + TODO: check +CVE-2026-3281 (A vulnerability was detected in libvips 8.19.0. This affects the funct ...) + TODO: check +CVE-2026-3275 (A weakness has been identified in Tenda F453 1.0.0.3. This affects the ...) + TODO: check +CVE-2026-3274 (A security flaw has been discovered in Tenda F453 1.0.0.3. Affected by ...) + TODO: check +CVE-2026-3273 (A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this ...) + TODO: check +CVE-2026-3272 (A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the ...) + TODO: check +CVE-2026-3271 (A vulnerability was found in Tenda F453 1.0.0.3. This impacts the func ...) + TODO: check +CVE-2026-3270 (A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. Thi ...) + TODO: check +CVE-2026-3269 (A flaw has been found in psi-probe PSI Probe up to 5.3.0. 
The impacted ...) + TODO: check +CVE-2026-3268 (A vulnerability was detected in psi-probe PSI Probe up to 5.3.0. The a ...) + TODO: check +CVE-2026-3265 (A vulnerability was identified in go2ismail Free-CRM up to b83c40a9072 ...) + TODO: check +CVE-2026-3264 (A vulnerability was determined in go2ismail Free-CRM up to b83c40a9072 ...) + TODO: check +CVE-2026-3263 (A vulnerability was found in go2ismail Asp.Net-Core-Inventory-Order-Ma ...) + TODO: check +CVE-2026-3262 (A vulnerability has been found in go2ismail Asp.Net-Core-Inventory-Ord ...) + TODO: check +CVE-2026-3261 (A flaw has been found in itsourcecode School Management System 1.0. Th ...) + TODO: check +CVE-2026-3037 (An OS command injection vulnerability exists in XWEB Pro version 1.12. ...) + TODO: check +CVE-2026-2428 (The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2026-28370 (In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0 ...) + TODO: check +CVE-2026-28364 (In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Mar ...) + TODO: check +CVE-2026-28363 (In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort ...) + TODO: check +CVE-2026-28280 (osctrl is an osquery management solution. Prior to version 0.5.0, a st ...) + TODO: check +CVE-2026-28279 (osctrl is an osquery management solution. Prior to version 0.5.0, an O ...) + TODO: check +CVE-2026-28276 (Initiative is a self-hosted project management platform. An access con ...) + TODO: check +CVE-2026-28275 (Initiative is a self-hosted project management platform. Versions of t ...) + TODO: check +CVE-2026-28274 (Initiative is a self-hosted project management platform. Versions of t ...) + TODO: check +CVE-2026-28269 (Kiteworks is a private data network (PDN). Prior to version 9.2.0, avu ...) + TODO: check +CVE-2026-28230 (SteVe is an open-source EV charging station management system. In vers ...) 
+ TODO: check +CVE-2026-28227 (Discourse is an open source discussion platform. Prior to versions 202 ...) + TODO: check +CVE-2026-28226 (Phishing Club is a phishing simulation and man-in-the-middle framework ...) + TODO: check +CVE-2026-28225 (Manyfold is an open source, self-hosted web application for managing a ...) + TODO: check +CVE-2026-28219 (Discourse is an open source discussion platform. Prior to versions 202 ...) + TODO: check
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
704a4669 by security tracker role at 2026-02-26T20:13:35+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,103 @@
+CVE-2026-3071 (Deserialization of untrusted data in the LanguageModel class of
Flair ...)
+ TODO: check
+CVE-2026-2680 (Reflected Cross-Site Scripting (XSS) on the A3factura web
platform, in ...)
+ TODO: check
+CVE-2026-2679 (Reflected Cross-Site Scripting (XSS) on the A3factura web
platform, in ...)
+ TODO: check
+CVE-2026-2678 (Reflected Cross-Site Scripting (XSS) on the A3factura web
platform, in ...)
+ TODO: check
+CVE-2026-2677 (Reflected Cross-Site Scripting (XSS) on the A3factura web
platform, in ...)
+ TODO: check
+CVE-2026-2244 (A vulnerability in Google Cloud Vertex AI Workbench
from7/21/2025 to 0 ...)
+ TODO: check
+CVE-2026-28296 (A flaw was found in the FTP GVfs backend. A remote attacker
could expl ...)
+ TODO: check
+CVE-2026-28295 (A flaw was found in the FTP GVfs backend. A malicious FTP
server can e ...)
+ TODO: check
+CVE-2026-28138 (Deserialization of Untrusted Data vulnerability in Stylemix
uListing u ...)
+ TODO: check
+CVE-2026-28136 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2026-28132 (Improper Neutralization of Script-Related HTML Tags in a Web
Page (Bas ...)
+ TODO: check
+CVE-2026-28131 (Insertion of Sensitive Information Into Sent Data
vulnerability in WPV ...)
+ TODO: check
+CVE-2026-28083 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-27510 (Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used
with the ...)
+ TODO: check
+CVE-2026-27509 (Unitree Go2 firmware versions V1.1.7 through V1.1.9 and
V1.1.11 (EDU) ...)
+ TODO: check
+CVE-2026-27141 (Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will
cause a ...)
+ TODO: check
+CVE-2026-26979 (Discourse is an open source discussion platform. Prior to
versions 202 ...)
+ TODO: check
+CVE-2026-26973 (Discourse is an open source discussion platform. Versions
prior to 202 ...)
+ TODO: check
+CVE-2026-26938 (Improper Neutralization of Special Elements Used in a Template
Engine ...)
+ TODO: check
+CVE-2026-26937 (Uncontrolled Resource Consumption (CWE-400) in the Timelion
component ...)
+ TODO: check
+CVE-2026-26936 (Inefficient Regular Expression Complexity (CWE-1333) in the AI
Inferen ...)
+ TODO: check
+CVE-2026-26935 (Improper Input Validation (CWE-20) in the internal Content
Connectors ...)
+ TODO: check
+CVE-2026-26934 (Improper Validation of Specified Quantity in Input (CWE-1284)
in Kiban ...)
+ TODO: check
+CVE-2026-26932 (Improper Validation of Array Index (CWE-129) in the PostgreSQL
protoco ...)
+ TODO: check
+CVE-2026-26682 (An issue in fastCMS before v.0.1.6 allows a local attacker to
execute ...)
+ TODO: check
+CVE-2026-26265 (Discourse is an open source discussion platform. Prior to
versions 202 ...)
+ TODO: check
+CVE-2026-26228 (VideoLAN VLC for Android prior to version 3.7.0 contains a
path traver ...)
+ TODO: check
+CVE-2026-26227 (VideoLAN VLC for Android prior to version 3.7.0 contains an
authentica ...)
+ TODO: check
+CVE-2026-26207 (Discourse is an open source discussion platform. Prior to
versions 202 ...)
+ TODO: check
+CVE-2026-26078 (Discourse is an open source discussion platform. Prior to
versions 202 ...)
+ TODO: check
+CVE-2026-26077 (Discourse is an open source discussion platform. Prior to
versions 202 ...)
+ TODO: check
+CVE-2026-23939 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2026-23750 (Golioth Pouch version 0.1.0, prior to commit 1b2219a1,
contains a heap ...)
+ TODO: check
+CVE-2026-23749 (Golioth Firmware SDK version0.19.1prior to 0.22.0, fixed in
commit0e78 ...)
+ TODO: check
+CVE-2026-23748 (Golioth Firmware SDK version0.10.0 prior to 0.22.0, fixed in
commitd7f ...)
+ TODO: check
+CVE-2026-23747 (Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in
commit48 ...)
+ TODO: check
+CVE-2026-22722 (A malicious actor with authenticated user privileges on a
Windows base ...)
+ TODO: check
+CVE-2026-22715 (VMWare Workstation and Fusion contain a logic flaw in the
management o ...)
+ TODO: check
+CVE-2026-1565 (The User Frontend: AI Powered Frontend Posting, User Directory,
Profil ...)
+ TODO: check
+CVE-2026-1241 (The Pelco, Inc. Sarix Professional 3 Series Cameras are
vulnerable to ...)
+ TODO: check
+CVE-2026-1198 (SIMPLE.ERP is vulnerable to the SQL Injection in search
functionality ...)
+
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2a40ee29 by security tracker role at 2026-02-26T08:13:52+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,22 +1,232 @@ +CVE-2026-3209 (A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. Thi ...) + TODO: check +CVE-2026-3200 (A vulnerability was identified in z-9527 admin 1.0/2.0. The affected e ...) + TODO: check +CVE-2026-3172 (Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through ...) + TODO: check +CVE-2026-2694 (The The Events Calendar plugin for WordPress is vulnerable to unauthor ...) + TODO: check +CVE-2026-2506 (The EM Cost Calculator plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2026-2499 (The Custom Logo plugin for WordPress is vulnerable to Stored Cross-Sit ...) + TODO: check +CVE-2026-2498 (The WP Social Meta plugin for WordPress is vulnerable to Stored Cross- ...) + TODO: check +CVE-2026-2489 (The TP2WP Importer plugin for WordPress is vulnerable to Stored Cross- ...) + TODO: check +CVE-2026-2356 (The User Registration & Membership \u2013 Custom Registration Form, Lo ...) + TODO: check +CVE-2026-2029 (The Livemesh Addons for Beaver Builder plugin for WordPress is vulnera ...) + TODO: check +CVE-2026-27976 (Zed, a code editor, has an extension installer allows tar/gzip downloa ...) + TODO: check +CVE-2026-27975 (Ajenti is a Linux and BSD modular server admin panel. Prior to version ...) + TODO: check +CVE-2026-27974 (Audiobookshelf is a self-hosted audiobook and podcast server. A cross- ...) + TODO: check +CVE-2026-27973 (Audiobookshelf is a self-hosted audiobook and podcast server. A stored ...) + TODO: check +CVE-2026-27970 (Angular is a development platform for building mobile and desktop web ...) + TODO: check +CVE-2026-27969 (Vitess is a database clustering system for horizontal scaling of MySQL ...) + TODO: check +CVE-2026-27968 (Packistry is a self-hosted Composer repository designed to handle PHP ...) + TODO: check +CVE-2026-27967 (Zed, a code editor, has a symlink escape vulnerability in versions pri ...) 
+ TODO: check +CVE-2026-27966 (Langflow is a tool for building and deploying AI-powered agents and wo ...) + TODO: check +CVE-2026-27965 (Vitess is a database clustering system for horizontal scaling of MySQL ...) + TODO: check +CVE-2026-27963 (Audiobookshelf is a self-hosted audiobook and podcast server. A stored ...) + TODO: check +CVE-2026-27961 (Agenta is an open-source LLMOps platform. A Server-Side Template Injec ...) + TODO: check +CVE-2026-27959 (Koa is middleware for Node.js using ES2017 async functions. Prior to v ...) + TODO: check +CVE-2026-27954 (Live Helper Chat is an open-source application that enables live suppo ...) + TODO: check +CVE-2026-27952 (Agenta is an open-source LLMOps platform. In Agenta-API prior to versi ...) + TODO: check +CVE-2026-27951 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...) + TODO: check +CVE-2026-27950 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...) + TODO: check +CVE-2026-27948 (Copyparty is a portable file server. In versions prior to 1.20.9, an X ...) + TODO: check +CVE-2026-27946 (ZITADEL is an open source identity management platform. Prior to versi ...) + TODO: check +CVE-2026-27945 (ZITADEL is an open source identity management platform. Zitadel Action ...) + TODO: check +CVE-2026-27943 (OpenEMR is a free and open source electronic health records and medica ...) + TODO: check +CVE-2026-27942 (fast-xml-parser allows users to validate XML, parse XML to JS object, ...) + TODO: check +CVE-2026-27941 (OpenLIT is an open source platform for AI engineering. Prior to versio ...) + TODO: check +CVE-2026-27938 (WPGraphQL provides a GraphQL API for WordPress sites. Prior to version ...) + TODO: check +CVE-2026-27933 (Manyfold is an open source, self-hosted web application for managing a ...) + TODO: check +CVE-2026-27904 (minimatch is a minimal matching utility for converting glob expression ...) 
+ TODO: check +CVE-2026-27903 (minimatch is a minimal matching utility for converting glob expression ...) + TODO: check +CVE-2026-27902 (Svelte performance oriented web framework. Prior to version 5.53.5, er ...) + TODO: check +CVE-2026-27901 (Svelte performance oriented web framework. Prior to version 5.53.5, th ...) + TODO: check +CVE-2026-27900 (The Terraform Provider for Linode versions prior to v3.9.0 logged sens ...) + TODO: check +CVE-2026-27899 (WireGuard Portal (or wg-portal) is a web-based configuration portal fo ...) +
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4dc14e39 by security tracker role at 2026-02-25T20:13:32+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,209 @@ +CVE-2026-3221 (Sensitive user account information is not encrypted in the database i ...) + TODO: check +CVE-2026-3206 (Improper Resource Shutdown or Release vulnerability in KrakenD, SLU Kr ...) + TODO: check +CVE-2026-3203 (RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and ...) + TODO: check +CVE-2026-3202 (NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows den ...) + TODO: check +CVE-2026-3201 (USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6 ...) + TODO: check +CVE-2026-3197 + REJECTED +CVE-2026-3194 (A flaw has been found in Chia Blockchain 2.1.0. The affected element i ...) + TODO: check +CVE-2026-3193 (A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an ...) + TODO: check +CVE-2026-3192 (A security vulnerability has been detected in Chia Blockchain 2.1.0. T ...) + TODO: check +CVE-2026-3189 (A weakness has been identified in feiyuchuixue sz-boot-parent up to 1. ...) + TODO: check +CVE-2026-3188 (A security flaw has been discovered in feiyuchuixue sz-boot-parent up ...) + TODO: check +CVE-2026-3187 (A vulnerability was identified in feiyuchuixue sz-boot-parent up to 1. ...) + TODO: check +CVE-2026-3186 (A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1. ...) + TODO: check +CVE-2026-3185 (A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-b ...) + TODO: check +CVE-2026-3171 (A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting ...) + TODO: check +CVE-2026-3118 (A security flaw was identified in the Orchestrator Plugin of Red Hat D ...) + TODO: check +CVE-2026-2878 (In Progress\xae Telerik\xae UI for AJAX, versions prior to 2026.1.225, ...) + TODO: check +CVE-2026-2636 (This vulnerability is caused by a CWE\u2011159: "Improper Handling of ...) + TODO: check +CVE-2026-2624 (Missing Authentication for Critical Function vulnerability in ePati Cy ...) 
+ TODO: check +CVE-2026-2479 (The Responsive Lightbox & Gallery plugin for WordPress is vulnerable t ...) + TODO: check +CVE-2026-2416 (The Geo Mashup plugin for WordPress is vulnerable to SQL Injection via ...) + TODO: check +CVE-2026-2410 (The Disable Admin Notices \u2013 Hide Dashboard Notifications plugin f ...) + TODO: check +CVE-2026-2367 (The Secure Copy Content Protection and Content Locking plugin for Word ...) + TODO: check +CVE-2026-2301 (The Post Duplicator plugin for WordPress is vulnerable to unauthorized ...) + TODO: check +CVE-2026-28196 (In JetBrains TeamCity before 2025.11.3 disabling versioned settings le ...) + TODO: check +CVE-2026-28195 (In JetBrains TeamCity before 2025.11.3 missing authorization allowed p ...) + TODO: check +CVE-2026-28194 (In JetBrains TeamCity before 2025.11.3 open redirect was possible in t ...) + TODO: check +CVE-2026-28193 (In JetBrains YouTrack before 2025.3.121962 apps were able to send requ ...) + TODO: check +CVE-2026-27850 (Due to an improperly configured firewall rule, the router will accept ...) + TODO: check +CVE-2026-27849 (Due to missing neutralization of special elements, OS commands can be ...) + TODO: check +CVE-2026-27848 (Due to missing neutralization of special elements, OS commands can be ...) + TODO: check +CVE-2026-27847 (Due to improper neutralization of special elements, SQL statements can ...) + TODO: check +CVE-2026-27846 (Due to missing authentication, a user with physical access to the devi ...) + TODO: check +CVE-2026-27795 (LangChain is a framework for building LLM-powered applications. Prior ...) + TODO: check +CVE-2026-27794 (LangGraph Checkpoint defines the base interface for LangGraph checkpoi ...) + TODO: check +CVE-2026-27739 (The Angular SSR is a server-rise rendering tool for Angular applicatio ...) + TODO: check +CVE-2026-27738 (The Angular SSR is a server-rise rendering tool for Angular applicatio ...) + TODO: check +CVE-2026-27736 (BigBlueButton is an open-source virtual classroom. 
In versions on the ...) + TODO: check +CVE-2026-27730 (esm.sh is a no-build content delivery network (CDN) for web developmen ...) + TODO: check +CVE-2026-27728 (OneUptime is a solution for monitoring and managing online services. P ...) + TODO: check +CVE-2026-27727 (mchange-commons-java, a library that provides Java utilities, includes ...) + TODO: check +CVE-2026-27706 (Plane is an an open-source project management tool. Prior to
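Review bot: the descriptions for CVE-2026-2878 (`\xae`), CVE-2026-2636 (`\u2011`) and CVE-2026-2410 (`\u2013`) are written with literal escape sequences rather than the characters they stand for, and two escape styles appear within the same hunk. Because every description is cut to a fixed width, the escapes also use up visible text: `In Progress\xae Telerik\xae UI for AJAX` spends eight characters on two symbols. Suggest that the update script either decode these to UTF-8 or transliterate them to plain ASCII before truncating, and that it use one form consistently.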
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2be38d85 by security tracker role at 2026-02-25T08:13:49+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,4 +1,166 @@ -CVE-2026-27624 +CVE-2026-3179 (The FTP Backup on the ADM does not properly sanitize filenames receive ...) + TODO: check +CVE-2026-3170 (A vulnerability was detected in SourceCodester/Patrick Mvuma Patients ...) + TODO: check +CVE-2026-3169 (A security vulnerability has been detected in Tenda F453 1.0.0.3. This ...) + TODO: check +CVE-2026-3168 (A weakness has been identified in Tenda F453 1.0.0.3. This affects the ...) + TODO: check +CVE-2026-3167 (A security flaw has been discovered in Tenda F453 1.0.0.3. The impacte ...) + TODO: check +CVE-2026-3166 (A vulnerability was identified in Tenda F453 1.0.0.3. The affected ele ...) + TODO: check +CVE-2026-3165 (A vulnerability was determined in Tenda F453 1.0.0.3. Impacted is the ...) + TODO: check +CVE-2026-3164 (A vulnerability was found in itsourcecode News Portal Project 1.0. Thi ...) + TODO: check +CVE-2026-3163 (A vulnerability has been found in SourceCodester Website Link Extracto ...) + TODO: check +CVE-2026-3153 (A vulnerability has been found in itsourcecode Document Management Sys ...) + TODO: check +CVE-2026-3152 (A flaw has been found in itsourcecode College Management System 1.0. T ...) + TODO: check +CVE-2026-3151 (A vulnerability was detected in itsourcecode College Management System ...) + TODO: check +CVE-2026-3150 (A security vulnerability has been detected in itsourcecode College Man ...) + TODO: check +CVE-2026-3149 (A weakness has been identified in itsourcecode College Management Syst ...) + TODO: check +CVE-2026-3148 (A vulnerability was determined in SourceCodester Simple and Nice Shopp ...) + TODO: check +CVE-2026-3147 (A vulnerability was found in libvips up to 8.18.0. This affects the fu ...) + TODO: check +CVE-2026-3146 (A vulnerability has been found in libvips up to 8.18.0. The impacted e ...) + TODO: check +CVE-2026-3145 (A flaw has been found in libvips up to 8.18.0. The affected element is ...) 
+ TODO: check +CVE-2026-3137 (A security vulnerability has been detected in CodeAstro Food Ordering ...) + TODO: check +CVE-2026-3135 (A weakness has been identified in itsourcecode News Portal Project 1.0 ...) + TODO: check +CVE-2026-3134 (A security flaw has been discovered in itsourcecode News Portal Projec ...) + TODO: check +CVE-2026-3133 (A vulnerability has been found in itsourcecode Document Management Sys ...) + TODO: check +CVE-2026-3100 (The FTP Backup on the ADM will not properly strictly enforce TLS certi ...) + TODO: check +CVE-2026-2914 (CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower a ...) + TODO: check +CVE-2026-27822 (RustFS is a distributed object storage system built in Rust. Prior to ...) + TODO: check +CVE-2026-27747 (The SPIP interface_traduction_objets plugin versions prior to4.3.3 con ...) + TODO: check +CVE-2026-27746 (The SPIP jeux plugin versions prior to4.1.1 contain a reflected cross- ...) + TODO: check +CVE-2026-27745 (The SPIP interface_traduction_objets plugin versions prior to4.3.3 con ...) + TODO: check +CVE-2026-27744 (The SPIP tickets plugin versions prior to4.3.3 contain an unauthentica ...) + TODO: check +CVE-2026-27743 (The SPIP referer_spam plugin versions prior to1.3.0 contain an unauthe ...) + TODO: check +CVE-2026-27696 (changedetection.io is a free open source web page change detection too ...) + TODO: check +CVE-2026-27645 (changedetection.io is a free open source web page change detection too ...) + TODO: check +CVE-2026-27641 (Flask-Reuploaded provides file uploads for Flask. A critical path trav ...) + TODO: check +CVE-2026-27640 (tfplan2md is software for converting Terraform plan JSON files into hu ...) + TODO: check +CVE-2026-27639 (Mercator is an open source web application designed to enable mapping ...) + TODO: check +CVE-2026-27637 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...) 
+ TODO: check +CVE-2026-27636 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...) + TODO: check +CVE-2026-27632 (Talishar is a fan-made Flesh and Blood project. Prior to commit 6be387 ...) + TODO: check +CVE-2026-27629 (InvenTree is an Open Source Inventory Management System. Prior to vers ...) + TODO: check +CVE-2026-27628 (pypdf is a free and open-source pure-python PDF library. Prior to 6.7. ...) + TODO: check +CVE-2026-27627 (Karakeep is a elf-hostable bookmark-everything app. In version 0.30.0, ...) +
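Review bot: the first line of this hunk removes the bare `CVE-2026-27624` header, and by the hunk header (`-1,4`) at most three old lines survive as context. The additions visible here run from CVE-2026-3179 down to CVE-2026-27627 and break off before that entry is seen again. Worth confirming that CVE-2026-27624 comes back, now with its description, as the last added line directly above the surviving context lines, so that any annotations already recorded under it stay attached to the right CVE.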
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
818abb10 by security tracker role at 2026-02-24T20:13:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,226 +1,374 @@
-CVE-2026-2793
+CVE-2026-3131 (Improper access control in multiple DVLS REST API endpoints in
Devolu ...)
+ TODO: check
+CVE-2026-3105 (SummaryThis advisory addresses a SQL injection vulnerability in
the AP ...)
+ TODO: check
+CVE-2026-3102 (A vulnerability was determined in exiftool up to 13.49 on
macOS. This ...)
+ TODO: check
+CVE-2026-3101 (A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This
vulnera ...)
+ TODO: check
+CVE-2026-2664 (An out of bounds read vulnerability in the grpcfuse kernel
module pres ...)
+ TODO: check
+CVE-2026-2634 (Malicious scripts could cause desynchronization between the
address ba ...)
+ TODO: check
+CVE-2026-2460 (A vulnerability exists in REB500 for an authenticated user with
low-le ...)
+ TODO: check
+CVE-2026-2459 (A vulnerability exists in REB500 for an authenticated user with
Instal ...)
+ TODO: check
+CVE-2026-27732 (WWBN AVideo is an open source video platform. Prior to version
22.0, t ...)
+ TODO: check
+CVE-2026-27590 (Caddy is an extensible server platform that uses TLS by
default. Prior ...)
+ TODO: check
+CVE-2026-27589 (Caddy is an extensible server platform that uses TLS by
default. Prior ...)
+ TODO: check
+CVE-2026-27588 (Caddy is an extensible server platform that uses TLS by
default. Prior ...)
+ TODO: check
+CVE-2026-27587 (Caddy is an extensible server platform that uses TLS by
default. Prior ...)
+ TODO: check
+CVE-2026-27586 (Caddy is an extensible server platform that uses TLS by
default. Prior ...)
+ TODO: check
+CVE-2026-27585 (Caddy is an extensible server platform that uses TLS by
default. Prior ...)
+ TODO: check
+CVE-2026-27584 (Actual is a local-first personal finance tool. Prior to
version 26.2.1 ...)
+ TODO: check
+CVE-2026-27571 (NATS-Server is a High-Performance server for NATS.io, a cloud
and edge ...)
+ TODO: check
+CVE-2026-27568 (WWBN AVideo is an open source video platform. Prior to version
21.0, A ...)
+ TODO: check
+CVE-2026-27567 (Payload is a free and open source headless content management
system. ...)
+ TODO: check
+CVE-2026-27521 (Binardat 10G08-0800GSM network switch firmware
versionV300SP10260209an ...)
+ TODO: check
+CVE-2026-27520 (Binardat 10G08-0800GSM network switch firmware versions prior
toV300SP ...)
+ TODO: check
+CVE-2026-27519 (Binardat 10G08-0800GSM network switch firmware
versionV300SP10260209 a ...)
+ TODO: check
+CVE-2026-27518 (Binardat 10G08-0800GSM network switch firmware
versionV300SP10260209 a ...)
+ TODO: check
+CVE-2026-27517 (Binardat 10G08-0800GSM network switch firmware
versionV300SP10260209 a ...)
+ TODO: check
+CVE-2026-27516 (Binardat 10G08-0800GSM network switch firmware
versionV300SP10260209 a ...)
+ TODO: check
+CVE-2026-27515 (Binardat 10G08-0800GSM network switch firmware versions prior
toV300SP ...)
+ TODO: check
+CVE-2026-27507 (Binardat 10G08-0800GSM network switch firmware
versionV300SP10260209 a ...)
+ TODO: check
+CVE-2026-27483 (MindsDB is a platform for building artificial intelligence
from enterp ...)
+ TODO: check
+CVE-2026-27477 (Mastodon is a free, open-source social network server based on
Activit ...)
+ TODO: check
+CVE-2026-27468 (Mastodon is a free, open-source social network server based on
Activit ...)
+ TODO: check
+CVE-2026-27208 (bleon-ethical/api-gateway-deploy provides API gateway
deployment. Vers ...)
+ TODO: check
+CVE-2026-27156 (NiceGUI is a Python-based UI framework. Prior to version
3.8.0, severa ...)
+ TODO: check
+CVE-2026-26342 (Tattile Smart+, Vega, and Basic device families firmware
versions 1.18 ...)
+ TODO: check
+CVE-2026-26341 (Tattile Smart+, Vega, and Basic device families firmware
versions 1.18 ...)
+ TODO: check
+CVE-2026-26340 (Tattile Smart+, Vega, and Basic device families firmware
versions 1.18 ...)
+ TODO: check
+CVE-2026-26222 (Altec DocLink (now maintained by Beyond Limits Inc.) version
4.0.336.0 ...)
+ TODO: check
+CVE-2026-25603 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2026-24241 (NVIDIA Delegated Licensing Service for all appliance platforms
contain ...)
+ TODO: check
+CVE-2026-23984 (An Improper Input Validation vulnerability exists in Apache
Superset t ...)
+ TODO: check
+CVE-2026-23983 (A Sensitive Data Exposure vulnerability exists in Apache
Superset allo ...)
+ TODO: check
+CVE-2026-23982 (An Improper Authorization vulnerability exists in Apache
Supe
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c2a0fa59 by security tracker role at 2026-02-24T08:12:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,13 +1,247 @@ -CVE-2026-3063 +CVE-2026-3091 (An uncontrolled search path element vulnerability in Synology Presto C ...) + TODO: check +CVE-2026-3075 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...) + TODO: check +CVE-2026-3070 (A vulnerability was detected in SourceCodester Modern Image Gallery Ap ...) + TODO: check +CVE-2026-3069 (A security vulnerability has been detected in itsourcecode Document Ma ...) + TODO: check +CVE-2026-3068 (A weakness has been identified in itsourcecode Document Management Sys ...) + TODO: check +CVE-2026-3067 (A vulnerability has been found in HummerRisk up to 1.5.0. This issue a ...) + TODO: check +CVE-2026-3066 (A flaw has been found in HummerRisk up to 1.5.0. This vulnerability af ...) + TODO: check +CVE-2026-3065 (A vulnerability was detected in HummerRisk up to 1.5.0. This affects t ...) + TODO: check +CVE-2026-3064 (A security vulnerability has been detected in HummerRisk up to 1.5.0. ...) + TODO: check +CVE-2026-3057 (A security flaw has been discovered in a54552239 pearProjectApi up to ...) + TODO: check +CVE-2026-3054 (A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impa ...) + TODO: check +CVE-2026-3053 (A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This a ...) + TODO: check +CVE-2026-3052 (A vulnerability was found in DataLinkDC dinky up to 1.2.5. The impacte ...) + TODO: check +CVE-2026-3051 (A vulnerability has been found in DataLinkDC dinky up to 1.2.5. The af ...) + TODO: check +CVE-2026-3050 (A flaw has been found in horilla-opensource horilla up to 1.0.2. Impac ...) + TODO: check +CVE-2026-3049 (A vulnerability was detected in horilla-opensource horilla up to 1.0.2 ...) + TODO: check +CVE-2026-3046 (A security vulnerability has been detected in itsourcecode E-Logbook w ...) + TODO: check +CVE-2026-3044 (A vulnerability has been found in Tenda AC8 16.03.34.06. This affects ...) 
+ TODO: check +CVE-2026-3043 (A flaw has been found in itsourcecode Event Management System 1.0. The ...) + TODO: check +CVE-2026-3042 (A vulnerability was detected in itsourcecode Event Management System 1 ...) + TODO: check +CVE-2026-3041 (A security vulnerability has been detected in xingfuggz BaykeShop up t ...) + TODO: check +CVE-2026-3040 (A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. Th ...) + TODO: check +CVE-2026-3028 (A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vu ...) + TODO: check +CVE-2026-3027 (A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects ...) + TODO: check +CVE-2026-3026 (A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by t ...) + TODO: check +CVE-2026-3025 (A flaw has been found in ShuoRen Smart Heating Integrated Management P ...) + TODO: check +CVE-2026-27742 (Bludit version 3.16.2 contains a stored cross-site scripting (XSS) vul ...) + TODO: check +CVE-2026-27741 (Bludit version 3.16.1 contains a cross-site request forgery (CSRF) vul ...) + TODO: check +CVE-2026-27729 (Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro serve ...) + TODO: check +CVE-2026-27643 (free5GC UDR is the user data repository (UDR) for free5GC, an an open- ...) + TODO: check +CVE-2026-27642 (free5gc UDM provides Unified Data Management (UDM) for free5GC, an ope ...) + TODO: check +CVE-2026-27623 (Valkey is a distributed key-value database. Starting in version 9.0.0 ...) + TODO: check +CVE-2026-27461 (Pimcore is an Open Source Data & Experience Management Platform. In ve ...) + TODO: check +CVE-2026-27163 + REJECTED +CVE-2026-27129 (Craft is a content management system (CMS). In versions 4.5.0-RC1 thro ...) + TODO: check +CVE-2026-27128 (Craft is a content management system (CMS). In versions 4.5.0-RC1 thro ...) + TODO: check +CVE-2026-27127 (Craft is a content management system (CMS). In versions 4.5.0-RC1 thro ...) 
+ TODO: check +CVE-2026-27126 (Craft is a content management system (CMS). In versions 4.5.0-RC1 thro ...) + TODO: check +CVE-2026-26983 (ImageMagick is free and open-source software used for editing and mani ...) + TODO: check +CVE-2026-26981 (OpenEXR provides the specification and reference implementation of the ...) + TODO: check +CVE-2026-26331 (yt-dlp is a command-line audio/video downloader. Starting in version 2 ...) + TODO: check +CVE-2026-26284 (ImageMagick is free and open-source software use
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1e0f3b9b by security tracker role at 2026-02-23T20:13:04+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,81 @@ +CVE-2026-3016 (A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. T ...) + TODO: check +CVE-2026-3015 (A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. I ...) + TODO: check +CVE-2026-2985 (A security flaw has been discovered in Tiandy Video Surveillance Syste ...) + TODO: check +CVE-2026-2984 (A vulnerability was identified in SourceCodester Student Result Manage ...) + TODO: check +CVE-2026-2983 (A vulnerability was determined in SourceCodester Student Result Manage ...) + TODO: check +CVE-2026-2981 (A vulnerability was found in UTT HiPER 810G up to 1.7.7-1711. The affe ...) + TODO: check +CVE-2026-2980 (A vulnerability has been found in UTT HiPER 810G up to 1.7.7-1711. Imp ...) + TODO: check +CVE-2026-2979 (A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects ...) + TODO: check +CVE-2026-2698 (An improper access control vulnerability exists where an authenticated ...) + TODO: check +CVE-2026-2697 (An Indirect Object Reference (IDOR) in Security Center allows an authe ...) + TODO: check +CVE-2026-27514 (Shenzhen Tenda F3 Wireless Routerfirmware V12.01.01.55_multi contains ...) + TODO: check +CVE-2026-27513 (Shenzhen Tenda F3 Wireless Routerfirmware V12.01.01.55_multi contains ...) + TODO: check +CVE-2026-27512 (Shenzhen Tenda F3 Wireless Routerfirmware V12.01.01.55_multi contains ...) + TODO: check +CVE-2026-27511 (Shenzhen Tenda F3 Wireless Routerfirmware V12.01.01.55_multi contains ...) + TODO: check +CVE-2026-26464 (Stored Cross-Site Scripting (XSS) was found in the /admin/edit_user.ph ...) + TODO: check +CVE-2026-26365 (Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles p ...) + TODO: check +CVE-2026-25747 (Deserialization of Untrusted Data vulnerability in Apache Camel LevelD ...) + TODO: check +CVE-2026-23552 (Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache C ...) 
+ TODO: check +CVE-2026-22568 (Improper neutralization of special elements in user-supplied input wit ...) + TODO: check +CVE-2026-22567 (Improper validation of user-supplied input in the ZIA Admin UI could a ...) + TODO: check +CVE-2026-21420 (Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Un ...) + TODO: check +CVE-2025-70329 (TOTOLink X5000R v9.1.0cu_2415_B20250515 contains an OS command injecti ...) + TODO: check +CVE-2025-70058 (An issue pertaining to CWE-295: Improper Certificate Validation was di ...) + TODO: check +CVE-2025-70045 (An issue pertaining to CWE-295: Improper Certificate Validation was di ...) + TODO: check +CVE-2025-70044 (An issue pertaining to CWE-295: Improper Certificate Validation was di ...) + TODO: check +CVE-2025-70043 (An issue pertaining to CWE-295: Improper Certificate Validation was di ...) + TODO: check +CVE-2025-69700 (Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerabi ...) + TODO: check +CVE-2025-63946 (A privilege escalation (PE) vulnerability in the Tencent PC Manager ap ...) + TODO: check +CVE-2025-63945 (A privilege escalation (PE) vulnerability in the Tencent iOA app thru ...) + TODO: check +CVE-2025-61147 (strukturag libde265 commit d9fea9d wa discovered to contain a segmenta ...) + TODO: check +CVE-2025-61146 (saitoha libsixel until v1.8.7 was discovered to contain a memory leak ...) + TODO: check +CVE-2025-61145 (libtiff up to v4.7.1 was discovered to contain a double free via the c ...) + TODO: check +CVE-2025-61144 (libtiff up to v4.7.1 was discovered to contain a stack overflow via th ...) + TODO: check +CVE-2025-61143 (libtiff up to v4.7.1 was discovered to contain a NULL pointer derefere ...) + TODO: check +CVE-2025-59873 (An information exposure vulnerability exists in Vulnerability in HCL ...) + TODO: check +CVE-2025-41002 (SQL injection vulnerability in Infoticketing. This vulnerability allow ...) 
+ TODO: check +CVE-2025-40986 (Reflected Cross-Site Scripting (XSS) vulnerability in PideTuCita. This ...) + TODO: check +CVE-2025-40701 (Reflected Cross-Site Scripting vulnerability in SOTESHOP, version 8.3. ...) + TODO: check +CVE-2025-14905 (A flaw was found in the 389-ds-base server. A heap buffer overflow vul ...) + TODO: check CVE-2026-2998 (ERP developed by eAI Technologies has a DLL Hijacking vulnerability, a ...) NOT-FOR-US: ERP eAI Technologies CVE-2026-2997 (Tronclass developed by WisdomGarden has a Insecure Direct Obje
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e6e7789d by security tracker role at 2026-02-23T08:12:51+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,56 @@ -CVE-2026-2588 +CVE-2026-2998 (ERP developed by eAI Technologies has a DLL Hijacking vulnerability, a ...) + TODO: check +CVE-2026-2997 (Tronclass developed by WisdomGarden has a Insecure Direct Object Refer ...) + TODO: check +CVE-2026-2978 (A vulnerability was detected in FastApiAdmin up to 2.2.0. This vulnera ...) + TODO: check +CVE-2026-2977 (A security vulnerability has been detected in FastApiAdmin up to 2.2.0 ...) + TODO: check +CVE-2026-2976 (A weakness has been identified in FastApiAdmin up to 2.2.0. Affected b ...) + TODO: check +CVE-2026-2975 (A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affec ...) + TODO: check +CVE-2026-2974 (A vulnerability was identified in AliasVault App up to 0.25.3 on Andro ...) + TODO: check +CVE-2026-2972 (A vulnerability was determined in a466350665 Smart-SSO up to 2.1.1. Th ...) + TODO: check +CVE-2026-2971 (A vulnerability was found in a466350665 Smart-SSO up to 2.1.1. Affecte ...) + TODO: check +CVE-2026-2970 (A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. A ...) + TODO: check +CVE-2026-2969 (A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected i ...) + TODO: check +CVE-2026-2968 (A vulnerability was detected in Cesanta Mongoose up to 7.20. This impa ...) + TODO: check +CVE-2026-2967 (A security vulnerability has been detected in Cesanta Mongoose up to 7 ...) + TODO: check +CVE-2026-2966 (A weakness has been identified in Cesanta Mongoose up to 7.20. The imp ...) + TODO: check +CVE-2026-2965 (A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCR ...) + TODO: check +CVE-2026-2964 (A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1 ...) + TODO: check +CVE-2026-2963 (A vulnerability was determined in Jinher OA C6 up to 20260210. This is ...) + TODO: check +CVE-2026-2962 (A vulnerability was found in D-Link DWR-M960 1.01.07. This vulnerabili ...) 
+ TODO: check +CVE-2026-2961 (A vulnerability has been found in D-Link DWR-M960 1.01.07. This affect ...) + TODO: check +CVE-2026-2960 (A flaw has been found in D-Link DWR-M960 1.01.07. Affected by this iss ...) + TODO: check +CVE-2026-2959 (A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by t ...) + TODO: check +CVE-2026-2958 (A security vulnerability has been detected in D-Link DWR-M960 1.01.07. ...) + TODO: check +CVE-2026-2957 (A weakness has been identified in qinming99 dst-admin up to 1.5.0. Thi ...) + TODO: check +CVE-2026-2956 (A security flaw has been discovered in qinming99 dst-admin up to 1.5.0 ...) + TODO: check +CVE-2026-24494 (SQL Injection vulnerability in the /api/integrations/getintegrations e ...) + TODO: check +CVE-2026-1367 (Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are v ...) + TODO: check +CVE-2026-2588 (Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer ove ...) - libcrypt-nacl-sodium-perl (bug #1117213) NOTE: https://lists.security.metacpan.org/cve-announce/msg/37282261/ CVE-2026-2954 (A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the fun ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6e7789d3d137e3c09307a4d277405713b5ac278 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6e7789d3d137e3c09307a4d277405713b5ac278 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4f3f4b5d by security tracker role at 2026-02-22T20:13:58+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,67 @@
+CVE-2026-2954 (A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is
the fun ...)
+ TODO: check
+CVE-2026-2953 (A vulnerability has been found in Dromara UJCMS 101.2. This
issue affe ...)
+ TODO: check
+CVE-2026-2952 (A flaw has been found in Vaelsys 4.1.0. This vulnerability
affects unk ...)
+ TODO: check
+CVE-2026-2947 (A vulnerability was detected in rymcu forest up to 0.0.5. This
affects ...)
+ TODO: check
+CVE-2026-2946 (A security vulnerability has been detected in rymcu forest up
to 0.0.5 ...)
+ TODO: check
+CVE-2026-2945 (A weakness has been identified in JeecgBoot 3.9.0. Affected by
this vu ...)
+ TODO: check
+CVE-2026-2944 (A security flaw has been discovered in Tosei Online Store
Management S ...)
+ TODO: check
+CVE-2026-2943 (A vulnerability was identified in SapneshNaik Student
Management Syste ...)
+ TODO: check
+CVE-2026-2940 (A vulnerability was determined in Zaher1307 tiny_web_server up
to 8d77 ...)
+ TODO: check
+CVE-2026-2939 (A vulnerability was found in itsourcecode Student Management
System 1. ...)
+ TODO: check
+CVE-2026-2938 (A vulnerability has been found in SourceCodester Student Result
Manage ...)
+ TODO: check
+CVE-2026-2935 (A weakness has been identified in UTT HiPER 810G up to
1.7.7-171114. T ...)
+ TODO: check
+CVE-2026-2934 (A security vulnerability has been detected in YiFang CMS up to
2.0.5. ...)
+ TODO: check
+CVE-2026-2385 (The The Plus Addons for Elementor \u2013 Addons for Elementor,
Page Te ...)
+ TODO: check
+CVE-2019-25462 (Web Ofisi Rent a Car v3 contains an SQL injection
vulnerability that a ...)
+ TODO: check
+CVE-2019-25461 (Web Ofisi Platinum E-Ticaret v5 contains an SQL injection
vulnerabilit ...)
+ TODO: check
+CVE-2019-25460 (Web Ofisi Platinum E-Ticaret v5 contains an SQL injection
vulnerabilit ...)
+ TODO: check
+CVE-2019-25459 (Web Ofisi Emlak V2 contains multiple SQL injection
vulnerabilities in ...)
+ TODO: check
+CVE-2019-25458 (Web Ofisi Firma Rehberi v1 contains an SQL injection
vulnerability tha ...)
+ TODO: check
+CVE-2019-25457 (Web Ofisi Firma v13 contains an SQL injection vulnerability
that allow ...)
+ TODO: check
+CVE-2019-25456 (Web Ofisi Emlak v2 contains an SQL injection vulnerability
that allows ...)
+ TODO: check
+CVE-2019-25455 (Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability
that al ...)
+ TODO: check
+CVE-2019-25452 (Dolibarr ERP/CRM 10.0.1 contains an SQL injection
vulnerability in the ...)
+ TODO: check
+CVE-2019-25450 (Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection
vulnerabilitie ...)
+ TODO: check
+CVE-2019-25446 (DIGIT CENTRIS ERP contains an SQL injection vulnerability that
allows ...)
+ TODO: check
+CVE-2019-25443 (Inventory Webapp contains an SQL injection vulnerability that
allows u ...)
+ TODO: check
+CVE-2019-25442 (Web Wiz Forums 12.01 contains an SQL injection vulnerability
that allo ...)
+ TODO: check
+CVE-2019-25440 (WebIncorp ERP contains an SQL injection vulnerability that
allows unau ...)
+ TODO: check
+CVE-2019-25439 (NoviSmart CMS contains an SQL injection vulnerability that
allows remo ...)
+ TODO: check
+CVE-2019-25433 (XOOPS CMS 2.5.9 contains an SQL injection vulnerability that
allows un ...)
+ TODO: check
+CVE-2019-25391 (Ashop Shopping Cart Software contains a time-based blind SQL
injection ...)
+ TODO: check
+CVE-2019-25366 (microASP Portal+ CMS contains an SQL injection vulnerability
that allo ...)
+ TODO: check
CVE-2026-2597 [Disallow requesting strings with negative lengths]
- libcrypt-sysrandom-xs-perl 0.011-1
NOTE: Fixed by:
https://github.com/Leont/crypt-sysrandom-xs/commit/a402e0381a2150799a9ad919f0942f62d0282d2d
(v0.010)
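Review bot: Near the top of this hunk, CVE-2026-2953 gives the product as "Dromara UJCMS 101.2" while the entry directly above it, CVE-2026-2954, gives "Dromara UJCMS 10.0.2". The two version strings for the same product disagree, so when the TODO: check is resolved the affected version should be taken from the full CVE record rather than from this truncated description. CVE-2026-2385 in the same hunk has similar description damage: a literal \u2013 escape and a doubled "The The", both of which will defeat a plain-text search for the plugin name.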
@@ -2802,7 +2866,7 @@ CVE-2026-2452 (Emails sent by pretix can utilize
placeholders that will be fille
CVE-2026-2451 (Emails sent by pretix can utilize placeholders that will be
filled wit ...)
NOT-FOR-US: rami.io products
CVE-2026-2447 (Heap buffer overflow in libvpx. This vulnerability affects
Firefox < 1 ...)
- {DSA-6143-1}
+ {DSA-6143-1 DLA-4489-1}
- firefox 147.0.4-1 (unimportant)
- firefox-esr (unimportant)
- libvpx 1.16.0-3 (bug #1128283)
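Review bot: The changed cross-reference line for CVE-2026-2447 now reads {DSA-6143-1 DLA-4489-1}, but the entry lists three source packages (firefox, firefox-esr, libvpx) and nothing in the hunk says which of them the DLA covers. Since firefox and firefox-esr are both marked (unimportant) in the context lines, it is worth confirming that DLA-4489-1 is recorded against libvpx in the DLA list before relying on this annotation.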
@@ -6127,7 +6191,7 @@ CVE-2026-22613 (The server identity check mechanism for
firmware upgrade perform
NOT-FOR-US: Eaton
CVE-2026-1868 (GitLab has remediated a vulnerability in the Duo Workflow
Service comp ...)
NOT-FOR-US: GitLab AI Gateway
-CVE-2026-1615
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 62e8ba14 by security tracker role at 2026-02-22T08:12:51+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,67 @@ +CVE-2026-2933 (A weakness has been identified in YiFang CMS up to 2.0.5. This affects ...) + TODO: check +CVE-2026-2932 (A security flaw has been discovered in YiFang CMS up to 2.0.5. The imp ...) + TODO: check +CVE-2026-2930 (A vulnerability was identified in Tenda A18 15.13.07.13. The affected ...) + TODO: check +CVE-2026-2929 (A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is ...) + TODO: check +CVE-2026-2928 (A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affec ...) + TODO: check +CVE-2026-2927 (A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulner ...) + TODO: check +CVE-2026-2926 (A flaw has been found in D-Link DWR-M960 1.01.07. This affects the fun ...) + TODO: check +CVE-2026-2925 (A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by t ...) + TODO: check +CVE-2026-2913 (A vulnerability was determined in libvips up to 8.19.0. The affected e ...) + TODO: check +CVE-2026-2912 (A vulnerability was found in code-projects Online Reviewer System 1.0. ...) + TODO: check +CVE-2026-2911 (A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issu ...) + TODO: check +CVE-2026-2910 (A flaw has been found in Tenda HG9 31138. This vulnerability affec ...) + TODO: check +CVE-2026-2909 (A vulnerability was detected in Tenda HG9 31138. This affects an u ...) + TODO: check +CVE-2026-2908 (A security vulnerability has been detected in Tenda HG9 31138. Aff ...) + TODO: check +CVE-2026-2907 (A weakness has been identified in Tenda HG9 31138. Affected by thi ...) + TODO: check +CVE-2026-2906 (A security flaw has been discovered in Tenda HG9 31138. Affected i ...) + TODO: check +CVE-2026-2905 (A vulnerability was identified in Tenda HG9 31138. This impacts an ...) + TODO: check +CVE-2026-2904 (A vulnerability was determined in UTT HiPER 810G 1.7.7-171114. This af ...) + TODO: check +CVE-2026-2903 (A flaw has been found in skvadrik re2c up to 4.4. Impacted is the func ...) 
+ TODO: check +CVE-2026-2898 (A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue a ...) + TODO: check +CVE-2026-2897 (A security vulnerability has been detected in funadmin up to 7.1.0-rc4 ...) + TODO: check +CVE-2026-2896 (A weakness has been identified in funadmin up to 7.1.0-rc4. This affec ...) + TODO: check +CVE-2026-2895 (A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affec ...) + TODO: check +CVE-2026-2894 (A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected b ...) + TODO: check +CVE-2026-2889 (A vulnerability was detected in CCExtractor up to 0.96.5. Affected is ...) + TODO: check +CVE-2026-2887 (A security vulnerability has been detected in aardappel lobster up to ...) + TODO: check +CVE-2026-2886 (A weakness has been identified in Tenda A21 1.0.0.0. This affects the ...) + TODO: check +CVE-2026-2885 (A security flaw has been discovered in D-Link DWR-M960 1.01.07. The im ...) + TODO: check +CVE-2026-2884 (A vulnerability was identified in D-Link DWR-M960 1.01.07. The affecte ...) + TODO: check +CVE-2026-2883 (A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is ...) + TODO: check +CVE-2026-2882 (A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affec ...) + TODO: check +CVE-2026-1369 (The Conditional CAPTCHA WordPress plugin through 4.0.0 does not valida ...) + TODO: check CVE-2026-2881 (A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulner ...) NOT-FOR-US: D-Link CVE-2026-2877 (A vulnerability has been found in Tenda A18 15.13.07.13. This affects ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62e8ba1456cd0239c9d86af6afc80cea74a05712 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62e8ba1456cd0239c9d86af6afc80cea74a05712 You're receiving this email because of your account on salsa.debian.org. 
___ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
64c73bf1 by security tracker role at 2026-02-21T20:13:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,51 @@
+CVE-2026-2881 (A vulnerability has been found in D-Link DWR-M960 1.01.07. This
vulner ...)
+ TODO: check
+CVE-2026-2877 (A vulnerability has been found in Tenda A18 15.13.07.13. This
affects ...)
+ TODO: check
+CVE-2026-2876 (A vulnerability was determined in Tenda A18 15.13.07.13. This
affects ...)
+ TODO: check
+CVE-2026-2874 (A flaw has been found in Tenda A21 1.0.0.0. Impacted is the
function f ...)
+ TODO: check
+CVE-2026-2873 (A vulnerability was detected in Tenda A21 1.0.0.0. This issue
affects ...)
+ TODO: check
+CVE-2026-2872 (A security vulnerability has been detected in Tenda A21
1.0.0.0. This ...)
+ TODO: check
+CVE-2026-2871 (A weakness has been identified in Tenda A21 1.0.0.0. This
affects the ...)
+ TODO: check
+CVE-2026-2870 (A security flaw has been discovered in Tenda A21 1.0.0.0.
Affected by ...)
+ TODO: check
+CVE-2026-2869 (A vulnerability was identified in janet-lang janet up to
1.40.1. Affec ...)
+ TODO: check
+CVE-2026-2867 (A vulnerability was determined in itsourcecode Vehicle
Management Syst ...)
+ TODO: check
+CVE-2026-27579 (CollabPlatform is a full-stack, real-time doc collaboration
platform. ...)
+ TODO: check
+CVE-2026-27576 (OpenClaw is a personal AI assistant. In versions 2026.2.17 and
below, ...)
+ TODO: check
+CVE-2026-27574 (OneUptime is a solution for monitoring and managing online
services. I ...)
+ TODO: check
+CVE-2026-27492 (Lettermint Node.js SDK is the official Node.js SDK for
Lettermint. In ...)
+ TODO: check
+CVE-2026-27488 (OpenClaw is a personal AI assistant. In versions 2026.2.17 and
below, ...)
+ TODO: check
+CVE-2026-27487 (OpenClaw is a personal AI assistant. In versions 2026.2.13 and
below, ...)
+ TODO: check
+CVE-2026-27486 (OpenClaw is a personal AI assistant. In versions 2026.2.13 and
below o ...)
+ TODO: check
+CVE-2026-27485 (OpenClaw is a personal AI assistant. In versions 2026.2.17 and
below, ...)
+ TODO: check
+CVE-2026-27484 (OpenClaw is a personal AI assistant. In versions 2026.2.17 and
below, ...)
+ TODO: check
+CVE-2026-27482 (Ray is an AI compute engine. In versions 2.53.0 and below,
thedashboar ...)
+ TODO: check
+CVE-2026-27480 (Static Web Server (SWS) is a production-ready web server
suitable for ...)
+ TODO: check
+CVE-2026-27479 (Wallos is an open-source, self-hostable personal subscription
tracker. ...)
+ TODO: check
+CVE-2026-1787 (The LearnPress Export Import \u2013 WordPress extension for
LearnPress ...)
+ TODO: check
+CVE-2025-14339 (The weMail - Email Marketing, Lead Generation, Optin Forms,
Email News ...)
+ TODO: check
CVE-2026-2865 (A vulnerability was found in itsourcecode Agri-Trading Online
Shopping ...)
NOT-FOR-US: itsourcecode System
CVE-2026-2864 (A vulnerability has been found in feng_ha_ha/megagao ssm-erp
and produ ...)
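Review bot: The six OpenClaw entries added in this hunk (CVE-2026-27576, CVE-2026-27488, CVE-2026-27487, CVE-2026-27486, CVE-2026-27485, CVE-2026-27484) are nearly identical at this truncation length; the only visible difference is the version bound, "2026.2.17 and below" for four of them and "2026.2.13 and below" for CVE-2026-27487 and CVE-2026-27486. They are better triaged as one group against the full records, with one consistent decision, than resolved one TODO: check at a time. Separately, the CVE-2026-27482 description contains the run-together "thedashboar", which a text search for "dashboard" will miss.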
@@ -2755,13 +2803,13 @@ CVE-2019-25379 (Smoothwall Express
3.1-SP4-polar-x86_64-update9 contains stored
CVE-2019-25378 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains
multiple cros ...)
NOT-FOR-US: Smoothwall Express
CVE-2026-2050 [ZDI-CAN-28266: New Vulnerability Report at rgbe.c]
- {DSA-6142-1}
+ {DSA-6142-1 DLA-4487-1}
- gegl 1:0.4.66-1
NOTE: https://gitlab.gnome.org/GNOME/gegl/-/issues/446
NOTE: https://gitlab.gnome.org/GNOME/gegl/-/merge_requests/241
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gegl/-/commit/d32f1badb4bde1d6e8137f687d9ee1195768d4ed
CVE-2026-2049 [ZDI-CAN-28618: New Vulnerability Report at rgbe.c]
- {DSA-6142-1}
+ {DSA-6142-1 DLA-4487-1}
- gegl 1:0.4.66-1
NOTE: https://gitlab.gnome.org/GNOME/gegl/-/issues/450
NOTE: https://gitlab.gnome.org/GNOME/gegl/-/merge_requests/241
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64c73bf1c75e7b5bdbd66996bae2fd1876a54c16
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4026a71a by security tracker role at 2026-02-21T08:12:43+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,211 @@ +CVE-2026-2865 (A vulnerability was found in itsourcecode Agri-Trading Online Shopping ...) + TODO: check +CVE-2026-2864 (A vulnerability has been found in feng_ha_ha/megagao ssm-erp and produ ...) + TODO: check +CVE-2026-2863 (A flaw has been found in feng_ha_ha/megagao ssm-erp and production_ssm ...) + TODO: check +CVE-2026-2861 (A vulnerability was detected in Foswiki up to 2.1.10. The affected ele ...) + TODO: check +CVE-2026-2860 (A security vulnerability has been detected in feng_ha_ha/megagao ssm-e ...) + TODO: check +CVE-2026-2858 (A vulnerability was identified in wren-lang wren up to 0.4.0. This aff ...) + TODO: check +CVE-2026-2857 (A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by ...) + TODO: check +CVE-2026-2856 (A vulnerability was found in D-Link DWR-M960 1.01.07. Affected by this ...) + TODO: check +CVE-2026-2855 (A vulnerability has been found in D-Link DWR-M960 1.01.07. Affected is ...) + TODO: check +CVE-2026-2635 (MLflow Use of Default Password Authentication Bypass Vulnerability. Th ...) + TODO: check +CVE-2026-2492 (TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privile ...) + TODO: check +CVE-2026-2490 (RustDesk Client for Windows Transfer File Link Following Information D ...) + TODO: check +CVE-2026-2048 (GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulner ...) + TODO: check +CVE-2026-2047 (GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Executio ...) + TODO: check +CVE-2026-2045 (GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulner ...) + TODO: check +CVE-2026-2044 (GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulne ...) + TODO: check +CVE-2026-2043 (Nagios Host esensors_websensor_configwizard_func Command Injection Rem ...) + TODO: check +CVE-2026-2042 (Nagios Host monitoringwizard Command Injection Remote Code Execution V ...) 
+ TODO: check +CVE-2026-2041 (Nagios Host zabbixagent_configwizard_func Command Injection Remote Cod ...) + TODO: check +CVE-2026-2040 (PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Loca ...) + TODO: check +CVE-2026-2039 (GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vu ...) + TODO: check +CVE-2026-2038 (GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vul ...) + TODO: check +CVE-2026-2037 (GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code E ...) + TODO: check +CVE-2026-2036 (GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code ...) + TODO: check +CVE-2026-2035 (Deciso OPNsense diag_backup.php filename Command Injection Remote Code ...) + TODO: check +CVE-2026-2034 (Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Ex ...) + TODO: check +CVE-2026-2033 (MLflow Tracking Server Artifact Handler Directory Traversal Remote Cod ...) + TODO: check +CVE-2026-27534 + REJECTED +CVE-2026-27533 + REJECTED +CVE-2026-27532 + REJECTED +CVE-2026-27531 + REJECTED +CVE-2026-27530 + REJECTED +CVE-2026-27529 + REJECTED +CVE-2026-27528 + REJECTED +CVE-2026-27527 + REJECTED +CVE-2026-27471 (ERP is a free and open source Enterprise Resource Planning tool. In ve ...) + TODO: check +CVE-2026-27470 (ZoneMinder is a free, open source closed-circuit television software a ...) + TODO: check +CVE-2026-27469 (Isso is a lightweight commenting server written in Python and JavaScri ...) + TODO: check +CVE-2026-27467 (BigBlueButton is an open-source virtual classroom. In versions 3.0.19 ...) + TODO: check +CVE-2026-27466 (BigBlueButton is an open-source virtual classroom. In versions 3.0.21 ...) + TODO: check +CVE-2026-27464 (Metabase is an open-source data analytics platform. In versions prior ...) + TODO: check +CVE-2026-27458 (LinkAce is a self-hosted archive to collect website links. Versions 2. ...) 
+ TODO: check +CVE-2026-27452 (ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rule ...) + TODO: check +CVE-2026-27212 (Swiper is a free and mobile touch slider with hardware accelerated tra ...) + TODO: check +CVE-2026-27211 (Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Ver ...) + TODO: check +CVE-2026-27210 (Pannellum is a lightweight, free, and open source panorama viewer for ...) + TODO: check +CVE-2026-27205 (Flask is a web server gateway interface (WSGI) web application
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cc0c4b4c by security tracker role at 2026-02-20T20:13:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,551 @@
+CVE-2026-2854 (A flaw has been found in D-Link DWR-M960 1.01.07. This impacts
the fun ...)
+ TODO: check
+CVE-2026-2853 (A vulnerability was detected in D-Link DWR-M960 1.01.07. This
affects ...)
+ TODO: check
+CVE-2026-2852 (A vulnerability was identified in yeqifu warehouse up to
aaf29962ba407 ...)
+ TODO: check
+CVE-2026-2851 (A vulnerability was determined in yeqifu warehouse up to
aaf29962ba407 ...)
+ TODO: check
+CVE-2026-2850 (A vulnerability was found in yeqifu warehouse up to
aaf29962ba407d22d9 ...)
+ TODO: check
+CVE-2026-2849 (A vulnerability has been found in yeqifu warehouse up to
aaf29962ba407 ...)
+ TODO: check
+CVE-2026-2848 (A flaw has been found in SourceCodester Simple Responsive
Tourism Webs ...)
+ TODO: check
+CVE-2026-2847 (A vulnerability was detected in UTT HiPER 520 1.7.7-160105.
Affected i ...)
+ TODO: check
+CVE-2026-2846 (A security vulnerability has been detected in UTT HiPER 520
1.7.7-1601 ...)
+ TODO: check
+CVE-2026-2832 (Certain Samsung MultiXpress Multifunction Printers may be
vulnerable t ...)
+ TODO: check
+CVE-2026-2818 (A zip-slip path traversal vulnerability in Spring Data Geode's
import ...)
+ TODO: check
+CVE-2026-2486 (The Master Addons For Elementor plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2026-2473 (Predictable bucket naming in Vertex AI Experiments in Google
Cloud Ver ...)
+ TODO: check
+CVE-2026-2472 (Stored Cross-Site Scripting (XSS) in the
_genai/_evals_visualization c ...)
+ TODO: check
+CVE-2026-2333 (Improper Neutralization of Special Elements used in a Command
('Comman ...)
+ TODO: check
+CVE-2026-27506 (SVXportal version 2.5 and prior contain a stored cross-site
scripting ...)
+ TODO: check
+CVE-2026-27505 (SVXportal version 2.5 and prior contain a stored cross-site
scripting ...)
+ TODO: check
+CVE-2026-27504 (SVXportal version 2.5 and prior contain a reflected cross-site
scripti ...)
+ TODO: check
+CVE-2026-27503 (SVXportal version 2.5 and prior contain a reflected cross-site
scripti ...)
+ TODO: check
+CVE-2026-27502 (SVXportal version 2.5 and prior contain a reflected cross-site
scripti ...)
+ TODO: check
+CVE-2026-27115 (ADB Explorer is a fluent UI for ADB on Windows. Versions
0.9.26020 and ...)
+ TODO: check
+CVE-2026-27072 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-26747 (A Host Header Poisoning vulnerability exists in Monica 4.1.2
due to im ...)
+ TODO: check
+CVE-2026-26746 (OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI)
vulnerabilit ...)
+ TODO: check
+CVE-2026-26745 (OpenSourcePOS 3.4.1 has a second order SQL Injection
vulnerability in ...)
+ TODO: check
+CVE-2026-26725 (An issue in edu Business Solutions Print Shop Pro WebDesk
v.18.34 allo ...)
+ TODO: check
+CVE-2026-26724 (Cross Site Scripting vulnerability in Key Systems Inc Global
Facilitie ...)
+ TODO: check
+CVE-2026-26723 (Cross Site Scripting vulnerability in Key Systems Inc Global
Facilitie ...)
+ TODO: check
+CVE-2026-26722 (An issue in Key Systems Inc Global Facilities Management
Software v.20 ...)
+ TODO: check
+CVE-2026-26721 (An issue in Key Systems Inc Global Facilities Management
Software v.20 ...)
+ TODO: check
+CVE-2026-26102 (Incorrect Permission Assignment for Critical Resource in Owl
opds 2.2. ...)
+ TODO: check
+CVE-2026-26101 (Incorrect Permission Assignment for Critical Resource in Owl
opds 2.2. ...)
+ TODO: check
+CVE-2026-26100 (Incorrect Permission Assignment for Critical Resource in Owl
opds 2.2. ...)
+ TODO: check
+CVE-2026-26099 (Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows
Leveraging ...)
+ TODO: check
+CVE-2026-26098 (Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows
Leveraging ...)
+ TODO: check
+CVE-2026-26097 (Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows
Leveraging ...)
+ TODO: check
+CVE-2026-26096 (Incorrect Permission Assignment for Critical Resource in Owl
opds 2.2. ...)
+ TODO: check
+CVE-2026-26095 (Incorrect Permission Assignment for Critical Resource in Owl
opds 2.2. ...)
+ TODO: check
+CVE-2026-26093 (Improper Neutralization of Special Elements used in a Command
('Comman ...)
+ TODO: check
+CVE-2026-26050 (The installer for
\u30b8\u30e7\u30d6\u30ed\u30b0\u96c6\u8a08/\u5206\u6 ...)
+ TODO: check
+CVE-2026-26049 (The web management interface of the device renders the
passwords in a ...)
+ T
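Review bot: In the CVE-2026-26050 entry near the end of the visible hunk, the product name after "The installer for" is present only as a run of \uXXXX escapes, so the affected software cannot be identified from the list line and a search by product name will not find it. Whoever resolves this TODO: check needs the full CVE record, and the entry's eventual NOT-FOR-US or package line should name the product in readable form.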
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
018bf855 by security tracker role at 2026-02-20T08:13:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,213 @@
+CVE-2026-2825 (A vulnerability has been found in rachelos WeRSS we-mp-rss up
to 1.4.8 ...)
+ TODO: check
+CVE-2026-2824 (A flaw has been found in Comfast CF-E7 2.6.0.9. This affects
the funct ...)
+ TODO: check
+CVE-2026-2823 (A vulnerability was detected in Comfast CF-E7 2.6.0.9. The
impacted el ...)
+ TODO: check
+CVE-2026-2822 (A security vulnerability has been detected in JeecgBoot up to
3.9.1. T ...)
+ TODO: check
+CVE-2026-2821 (A weakness has been identified in Fujian Smart Integrated
Management P ...)
+ TODO: check
+CVE-2026-2820 (A security flaw has been discovered in Fujian Smart Integrated
Managem ...)
+ TODO: check
+CVE-2026-2819 (A vulnerability was identified in Dromara RuoYi-Vue-Plus up to
5.5.3. ...)
+ TODO: check
+CVE-2026-2739 (This affects versions of the package bn.js before 5.2.3.
Calling maskn ...)
+ TODO: check
+CVE-2026-2738 (Buffer overflow in ovpn\u2011dco\u2011winversion 2.8.0 allows
local at ...)
+ TODO: check
+CVE-2026-2605 (Tanium addressed an insertion of sensitive information into log
file v ...)
+ TODO: check
+CVE-2026-2435 (Tanium addressed a SQL injection vulnerability in Asset.)
+ TODO: check
+CVE-2026-2408 (Tanium addressed a use-after-free vulnerability in the Cloud
Workloads ...)
+ TODO: check
+CVE-2026-2384 (The Quiz Maker plugin for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2026-2350 (Tanium addressed an insertion of sensitive information into log
file v ...)
+ TODO: check
+CVE-2026-27476 (RustFly 2.0.0 contains a command injection vulnerability in
its remote ...)
+ TODO: check
+CVE-2026-27440 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-27387 (Missing Authorization vulnerability in designinvento
DirectoryPress di ...)
+ TODO: check
+CVE-2026-27368 (Missing Authorization vulnerability in SeedProd Coming Soon
Page, Unde ...)
+ TODO: check
+CVE-2026-27360 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-27343 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-27328 (Missing Authorization vulnerability in DevsBlink EduBlink
edublink all ...)
+ TODO: check
+CVE-2026-27327 (Missing Authorization vulnerability in YayCommerce YayMail
\u2013 WooC ...)
+ TODO: check
+CVE-2026-27325
+ REJECTED
+CVE-2026-27324
+ REJECTED
+CVE-2026-27323
+ REJECTED
+CVE-2026-27322
+ REJECTED
+CVE-2026-27321
+ REJECTED
+CVE-2026-27320
+ REJECTED
+CVE-2026-27319
+ REJECTED
+CVE-2026-27318
+ REJECTED
+CVE-2026-27317
+ REJECTED
+CVE-2026-27114 (NanaZip is an open source file archive Starting in version
5.0.1252.0 ...)
+ TODO: check
+CVE-2026-27017 (uTLS is a fork of crypto/tls, created to customize ClientHello
for fin ...)
+ TODO: check
+CVE-2026-27016 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network
monitorin ...)
+ TODO: check
+CVE-2026-27014 (NanaZip is an open source file archive Starting in version
5.0.1252.0 ...)
+ TODO: check
+CVE-2026-27009 (OpenClaw is a personal AI assistant. Prior to version
2026.2.15, a ato ...)
+ TODO: check
+CVE-2026-27008 (OpenClaw is a personal AI assistant. Prior to version
2026.2.15, a bug ...)
+ TODO: check
+CVE-2026-27007 (OpenClaw is a personal AI assistant. Prior to version
2026.2.15, `norm ...)
+ TODO: check
+CVE-2026-27004 (OpenClaw is a personal AI assistant. Prior to version
2026.2.15, in so ...)
+ TODO: check
+CVE-2026-27003 (OpenClaw is a personal AI assistant. Telegram bot tokens can
appear in ...)
+ TODO: check
+CVE-2026-27002 (OpenClaw is a personal AI assistant. Prior to version
2026.2.15, a con ...)
+ TODO: check
+CVE-2026-27001 (OpenClaw is a personal AI assistant. Prior to version
2026.2.15, OpenC ...)
+ TODO: check
+CVE-2026-26996 (minimatch is a minimal matching utility for converting glob
expression ...)
+ TODO: check
+CVE-2026-26995
+ REJECTED
+CVE-2026-26994 (uTLS is a fork of crypto/tls, created to customize ClientHello
for fin ...)
+ TODO: check
+CVE-2026-26993 (Flare is a Next.js-based, self-hostable file sharing platform
that int ...)
+ TODO: check
+CVE-2026-26992 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network
monitorin ...)
+ TODO: check
+CVE-2026-26991 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network
monitorin ...)
+ TODO: check
+CVE-2026-26990 (Li
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7b4f1ef7 by security tracker role at 2026-02-19T20:13:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,491 @@
+CVE-2026-2817 (Use of insecure directory in Spring Data Geode snapshot import
extract ...)
+ TODO: check
+CVE-2026-2744
+ REJECTED
+CVE-2026-2736 (Reflected Cross-site Scripting (XSS) in Alkacon's OpenCms
v18.0, which ...)
+ TODO: check
+CVE-2026-2735 (Stored Cross-Site Scripting (XSS) in Alkacon's OpenCms v18.0,
which oc ...)
+ TODO: check
+CVE-2026-2718 (The Dealia \u2013 Request a Quote plugin for WordPress is
vulnerable t ...)
+ TODO: check
+CVE-2026-2716 (The Client Testimonial Slider plugin for WordPress is
vulnerable to St ...)
+ TODO: check
+CVE-2026-2409 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2026-2274 (A SSRF and Arbitrary File Read vulnerability in AppSheet Core
in Googl ...)
+ TODO: check
+CVE-2026-2243 (A flaw was found in QEMU. A specially crafted VMDK image could
trigger ...)
+ TODO: check
+CVE-2026-2232 (The Product Table and List Builder for WooCommerce Lite plugin
for Wor ...)
+ TODO: check
+CVE-2026-27475 (SPIP before 4.4.9 allows Insecure Deserialization in the
public area t ...)
+ TODO: check
+CVE-2026-27474 (SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the
private are ...)
+ TODO: check
+CVE-2026-27473 (SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via
syndica ...)
+ TODO: check
+CVE-2026-27472 (SPIP before 4.4.9 allows Blind Server-Side Request Forgery
(SSRF) via ...)
+ TODO: check
+CVE-2026-27094 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-27092 (Missing Authorization vulnerability in Greg Winiarski
WPAdverts wpadve ...)
+ TODO: check
+CVE-2026-27090 (Cross-Site Request Forgery (CSRF) vulnerability in WP Moose
Kenta Comp ...)
+ TODO: check
+CVE-2026-27074 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-27069 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-27066 (Missing Authorization vulnerability in PI Web Solution Live
sales noti ...)
+ TODO: check
+CVE-2026-27059 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-27058 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-27057 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-27056 (Missing Authorization vulnerability in StellarWP iThemes Sync
ithemes- ...)
+ TODO: check
+CVE-2026-27055 (Missing Authorization vulnerability in PenciDesign Penci AI
SmartConte ...)
+ TODO: check
+CVE-2026-27052 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-27050 (Cross-Site Request Forgery (CSRF) vulnerability in ThimPress
RealPress ...)
+ TODO: check
+CVE-2026-27042 (Missing Authorization vulnerability in WPDeveloper
NotificationX notif ...)
+ TODO: check
+CVE-2026-27013 (Fabric.js is a Javascript HTML5 canvas library. Prior to
version 7.2.0 ...)
+ TODO: check
+CVE-2026-26362 (Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a
Relative Pa ...)
+ TODO: check
+CVE-2026-26361 (Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an
External C ...)
+ TODO: check
+CVE-2026-26360 (Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an
External C ...)
+ TODO: check
+CVE-2026-26359 (Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an
External C ...)
+ TODO: check
+CVE-2026-26358 (Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a
Missing Aut ...)
+ TODO: check
+CVE-2026-26345 (SPIP before 4.4.8 allows Cross-Site Scripting (XSS) in the
public area ...)
+ TODO: check
+CVE-2026-26339 (Hyland Alfresco Transformation Service allows unauthenticated
attacker ...)
+ TODO: check
+CVE-2026-26338 (Hyland Alfresco Transformation Service allows unauthenticated
attacker ...)
+ TODO: check
+CVE-2026-26337 (Hyland Alfresco Transformation Service allows unauthenticated
attacker ...)
+ TODO: check
+CVE-2026-26336 (Hyland Alfresco allows unauthenticated attackers to read
arbitrary fil ...)
+ TODO: check
+CVE-2026-26318 (systeminformation is a System and OS information library for
node.js. ...)
+ TODO: check
+CVE-2026-26280 (systeminformation is a System and OS information library for
node.js. ...)
+ TODO: check
+CVE-2026-26278 (fast-xml-parser allows users to validate XML, pa
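Review bot: The added description for CVE-2026-2718 carries a literal `\u2013` escape ("The Dealia \u2013 Request a Quote plugin for WordPress ...") instead of the character it encodes. The updater should decode escape sequences in the upstream description before it truncates and writes the line, so that the entry stays readable and a search for the product name matches.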
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e0ca429a by security tracker role at 2026-02-19T08:13:07+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,13 +1,323 @@ -CVE-2026-2650 +CVE-2026-2733 (A flaw was identified in the Docker v2 authentication endpoint of Keyc ...) + TODO: check +CVE-2026-2731 (Path traversal and content injection in JobRunnerBackground.aspx in Dy ...) + TODO: check +CVE-2026-2711 (A vulnerability has been found in zhutoutoutousan worldquant-miner up ...) + TODO: check +CVE-2026-2709 (A flaw has been found in busy up to 2.5.5. The affected element is an ...) + TODO: check +CVE-2026-2706 (A flaw has been found in code-projects Patient Record Management Syste ...) + TODO: check +CVE-2026-2705 (A vulnerability was detected in Open Babel up to 3.1.1. The impacted e ...) + TODO: check +CVE-2026-2704 (A security vulnerability has been detected in Open Babel up to 3.1.1. ...) + TODO: check +CVE-2026-2703 (A weakness has been identified in xlnt-community xlnt up to 1.6.1. Imp ...) + TODO: check +CVE-2026-2702 (A security flaw has been discovered in Beetel 777VR1 up to 01.00.09. T ...) + TODO: check +CVE-2026-2693 (A vulnerability was determined in CoCoTeaNet CyreneAdmin up to 1.3.0. ...) + TODO: check +CVE-2026-2692 (A vulnerability was found in CoCoTeaNet CyreneAdmin up to 1.3.0. This ...) + TODO: check +CVE-2026-2691 (A vulnerability has been found in itsourcecode Event Management System ...) + TODO: check +CVE-2026-2690 (A flaw has been found in itsourcecode Event Management System 1.0. Aff ...) + TODO: check +CVE-2026-2689 (A vulnerability was detected in itsourcecode Event Management System 1 ...) + TODO: check +CVE-2026-2686 (A security vulnerability has been detected in SECCN Dingcheng G10 3.1. ...) + TODO: check +CVE-2026-2684 (A vulnerability was determined in Tsinghua Unigroup Electronic Archive ...) + TODO: check +CVE-2026-2683 (A vulnerability was found in Tsinghua Unigroup Electronic Archives Sys ...) + TODO: check +CVE-2026-2682 (A vulnerability has been found in Tsinghua Unigroup Electronic Archive ...) 
+ TODO: check +CVE-2026-2676 (A weakness has been identified in GoogTech sms-ssm up to e8534c766fd13 ...) + TODO: check +CVE-2026-2672 (A security flaw has been discovered in Tsinghua Unigroup Electronic Ar ...) + TODO: check +CVE-2026-2670 (A vulnerability was identified in Advantech WISE-6610 1.2.1_20251110. ...) + TODO: check +CVE-2026-2669 (A vulnerability was determined in Rongzhitong Visual Integrated Comman ...) + TODO: check +CVE-2026-2668 (A vulnerability was found in Rongzhitong Visual Integrated Command and ...) + TODO: check +CVE-2026-2667 (A vulnerability has been found in Rongzhitong Visual Integrated Comman ...) + TODO: check +CVE-2026-2666 (A flaw has been found in mingSoft MCMS 6.1.1. The affected element is ...) + TODO: check +CVE-2026-2665 (A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3 ...) + TODO: check +CVE-2026-2504 (The Dealia \u2013 Request a quote plugin for WordPress is vulnerable t ...) + TODO: check +CVE-2026-2502 (The xmlrpc attacks blocker plugin for WordPress is vulnerable to Store ...) + TODO: check +CVE-2026-2284 (The News Element Elementor Blog Magazine plugin for WordPress is vulne ...) + TODO: check +CVE-2026-2282 (The Slidorion plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2026-27182 (Saturn Remote Mouse Server contains a command injection vulnerability ...) + TODO: check +CVE-2026-27181 (MajorDoMo (aka Major Domestic Module) allows unauthenticated arbitrary ...) + TODO: check +CVE-2026-27180 (MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated ...) + TODO: check +CVE-2026-27179 (MajorDoMo (aka Major Domestic Module) contains an unauthenticated SQL ...) + TODO: check +CVE-2026-27178 (MajorDoMo (aka Major Domestic Module) contains a stored cross-site scr ...) + TODO: check +CVE-2026-27177 (MajorDoMo (aka Major Domestic Module) contains a stored cross-site scr ...) 
+ TODO: check +CVE-2026-27176 (MajorDoMo (aka Major Domestic Module) contains a reflected cross-site ...) + TODO: check +CVE-2026-27175 (MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated ...) + TODO: check +CVE-2026-27174 (MajorDoMo (aka Major Domestic Module) allows unauthenticated remote co ...) + TODO: check +CVE-2026-26281 (InvoicePlane is a self-hosted open source application for managing inv ...) + TODO: check +CVE-2026-26270 (InvoicePlane is a self-hosted open source application for managing inv ...) +
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ae866f45 by security tracker role at 2026-02-18T20:13:33+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,88 +1,298 @@ -CVE-2026-23230 [smb: client: split cached_fid bitfields to avoid shared-byte RMW races] +CVE-2026-2663 (A security vulnerability has been detected in Alixhan xh-admin-backend ...) + TODO: check +CVE-2026-2662 (A weakness has been identified in FascinatedBox lily up to 2.3. This v ...) + TODO: check +CVE-2026-2661 (A security flaw has been discovered in Squirrel up to 3.2. This affect ...) + TODO: check +CVE-2026-2660 (A vulnerability was identified in FascinatedBox lily up to 2.3. Affect ...) + TODO: check +CVE-2026-2659 (A vulnerability was determined in Squirrel up to 3.2. Affected by this ...) + TODO: check +CVE-2026-2658 (A vulnerability was found in newbee-ltd newbee-mall up to a069069b0702 ...) + TODO: check +CVE-2026-2657 (A vulnerability has been found in wren-lang wren up to 0.4.0. This imp ...) + TODO: check +CVE-2026-2656 (A flaw has been found in ChaiScript up to 6.1.0. This affects the func ...) + TODO: check +CVE-2026-2655 (A vulnerability was detected in ChaiScript up to 6.1.0. The impacted e ...) + TODO: check +CVE-2026-2654 (A weakness has been identified in huggingface smolagents 1.24.0. Impac ...) + TODO: check +CVE-2026-2653 (A security flaw has been discovered in admesh up to 0.98.5. This issue ...) + TODO: check +CVE-2026-2507 (When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can ...) + TODO: check +CVE-2026-2495 (The WPNakama \u2013 Team and multi-Client Collaboration, Editorial and ...) + TODO: check +CVE-2026-2464 (Path traversal vulnerability in the AMR Printer Management 1.01 Beta w ...) + TODO: check +CVE-2026-2426 (The WP-DownloadManager plugin for WordPress is vulnerable to Path Trav ...) + TODO: check +CVE-2026-2386 (The The Plus Addons for Elementor \u2013 Addons for Elementor, Page Te ...) + TODO: check +CVE-2026-2329 (An unauthenticated stack-based buffer overflow vulnerability exists in ...) 
+ TODO: check +CVE-2026-2230 (The Booking Calendar plugin for WordPress is vulnerable to Insecure Di ...) + TODO: check +CVE-2026-2127 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to un ...) + TODO: check +CVE-2026-2126 (The User Submitted Posts \u2013 Enable Users to Submit Posts from the ...) + TODO: check +CVE-2026-27100 (Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Paramet ...) + TODO: check +CVE-2026-27099 (Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.54 ...) + TODO: check +CVE-2026-25500 (Rack is a modular Ruby web server interface. Prior to versions 2.2.22, ...) + TODO: check +CVE-2026-23491 (InvoicePlane is a self-hosted open source application for managing inv ...) + TODO: check +CVE-2026-22860 (Rack is a modular Ruby web server interface. Prior to versions 2.2.22, ...) + TODO: check +CVE-2026-20144 (In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and ...) + TODO: check +CVE-2026-20142 (In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and ...) + TODO: check +CVE-2026-20141 (In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, ...) + TODO: check +CVE-2026-20139 (In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and ...) + TODO: check +CVE-2026-20138 (In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and ...) + TODO: check +CVE-2026-20137 (In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and ...) + TODO: check +CVE-2026-1942 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...) + TODO: check +CVE-2026-1941 (The WP Event Aggregator plugin for WordPress is vulnerable to Stored C ...) + TODO: check +CVE-2026-1656 (The Business Directory Plugin for WordPress is vulnerable to authoriza ...) + TODO: check +CVE-2026-1649 (The Community Events plugin for WordPress is vulnerable to Stored Cros ...) 
+ TODO: check +CVE-2026-1582 (The WP All Export plugin for WordPress is vulnerable to Sensitive Info ...) + TODO: check +CVE-2026-1441 (Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web ...) + TODO: check +CVE-2026-1440 (Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web ...) + TODO: check +CVE-2026-1439 (Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web ...) + TODO: check +CVE-2026-1438 (Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web ...) + TODO: check +CVE-2026-1437 (Reflected
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3ac004df by security tracker role at 2026-02-18T08:12:51+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,173 @@ +CVE-2026-2644 (A weakness has been identified in niklasso minisat up to 2.2.0. This i ...) + TODO: check +CVE-2026-2642 (A security vulnerability has been detected in ggreer the_silver_search ...) + TODO: check +CVE-2026-2641 (A weakness has been identified in universal-ctags ctags up to 6.2.1. T ...) + TODO: check +CVE-2026-2633 (The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vul ...) + TODO: check +CVE-2026-2629 (A weakness has been identified in jishi node-sonos-http-api up to 3776 ...) + TODO: check +CVE-2026-2627 (A security flaw has been discovered in Softland FBackup up to 9.9. Thi ...) + TODO: check +CVE-2026-2623 (A flaw has been found in Blossom up to 1.17.1. This issue affects the ...) + TODO: check +CVE-2026-2622 (A vulnerability was detected in Blossom up to 1.17.1. This vulnerabili ...) + TODO: check +CVE-2026-2621 (A security vulnerability has been detected in Sciyon Koyuan Thermoelec ...) + TODO: check +CVE-2026-2576 (The Business Directory Plugin \u2013 Easy Listing Directories for Word ...) + TODO: check +CVE-2026-2570 + REJECTED +CVE-2026-2419 (The WP-DownloadManager plugin for WordPress is vulnerable to Path Trav ...) + TODO: check +CVE-2026-2296 (The Product Addons for Woocommerce \u2013 Product Options with Custom ...) + TODO: check +CVE-2026-2281 (The Private Comment plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2026-2112 (The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request ...) + TODO: check +CVE-2026-2023 (The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Si ...) + TODO: check +CVE-2026-2019 (The Cart All In One For WooCommerce plugin for WordPress is vulnerable ...) + TODO: check +CVE-2026-27171 (zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32 ...) 
+ TODO: check +CVE-2026-27038 + REJECTED +CVE-2026-27037 + REJECTED +CVE-2026-27036 + REJECTED +CVE-2026-27035 + REJECTED +CVE-2026-27034 + REJECTED +CVE-2026-27033 + REJECTED +CVE-2026-27032 + REJECTED +CVE-2026-27031 + REJECTED +CVE-2026-26357 (Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Imprope ...) + TODO: check +CVE-2026-26119 (Improper authentication in Windows Admin Center allows an authorized a ...) + TODO: check +CVE-2026-25421 + REJECTED +CVE-2026-23599 (A local privilege-escalation vulnerability has been discovered in the ...) + TODO: check +CVE-2026-23598 (Vulnerabilities in the API error handling of an HPE Aruba Networking ...) + TODO: check +CVE-2026-23597 (Vulnerabilities in the API error handling of an HPE Aruba Networking ...) + TODO: check +CVE-2026-23596 (A vulnerability in the management API of the affected product could al ...) + TODO: check +CVE-2026-23595 (An authentication bypass in the application API allows an unauthorized ...) + TODO: check +CVE-2026-22762 (Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 ...) + TODO: check +CVE-2026-22284 (Dell SmartFabric OS10 Software, versions prior to 10.5.6.12, contains ...) + TODO: check +CVE-2026-22048 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.1 ...) + TODO: check +CVE-2026-1943 (The YayMail \u2013 WooCommerce Email Customizer plugin for WordPress i ...) + TODO: check +CVE-2026-1938 (The YayMail \u2013 WooCommerce Email Customizer plugin for WordPress i ...) + TODO: check +CVE-2026-1937 (The YayMail \u2013 WooCommerce Email Customizer plugin for WordPress i ...) + TODO: check +CVE-2026-1931 (The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2026-1925 (The EmailKit \u2013 Email Customizer for WooCommerce & WP plugin for W ...) + TODO: check +CVE-2026-1906 (The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress ...) 
+ TODO: check +CVE-2026-1860 (The Kali Forms plugin for WordPress is vulnerable to Insecure Direct O ...) + TODO: check +CVE-2026-1857 (The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vul ...) + TODO: check +CVE-2026-1831 (The YayMail - WooCommerce Email Customizer plugin for WordPress is vul ...) + TODO: check +CVE-2026-1807 (The InteractiveCalculator for WordPress plugin for WordPress is vulner ...) + TODO: check +CVE-2026-1714 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +2 ...) + TODO: check +CVE-2026-1670
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0ab99d26 by security tracker role at 2026-02-17T20:16:35+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,4 +1,120 @@
-CVE-2026-25087 [Potential use-after-free when reading IPC file with
pre-buffering]
+CVE-2026-2630 (A Command Injection vulnerability exists where an
authenticated, remot ...)
+ TODO: check
+CVE-2026-2620 (A weakness has been identified in Huace Monitoring and Early
Warning S ...)
+ TODO: check
+CVE-2026-2618 (A vulnerability was determined in Beetel 777VR1 up to 01.00.09.
This i ...)
+ TODO: check
+CVE-2026-2617 (A vulnerability was found in Beetel 777VR1 up to 01.00.09. This
affect ...)
+ TODO: check
+CVE-2026-2616 (A vulnerability has been found in Beetel 777VR1 up to 01.00.09.
The im ...)
+ TODO: check
+CVE-2026-2615 (A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The
affect ...)
+ TODO: check
+CVE-2026-2608 (The Kadence Blocks \u2014 Page Builder Toolkit for Gutenberg
Editor pl ...)
+ TODO: check
+CVE-2026-2247 (SQL injection vulnerability (SQLi) in Clicldeu SaaS,
specifically in t ...)
+ TODO: check
+CVE-2026-26736 (TOTOLINK A3002RU_V3 V3.0.0-B20220304.1804 was discovered to
contain a ...)
+ TODO: check
+CVE-2026-26732 (TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to
contain a sta ...)
+ TODO: check
+CVE-2026-26731 (TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to
contain a sta ...)
+ TODO: check
+CVE-2026-25903 (Apache NiFi 1.1.0 through 2.7.2 are missing authorization when
updatin ...)
+ TODO: check
+CVE-2026-24734 (Improper Input Validation vulnerability in Apache Tomcat
Native, Apach ...)
+ TODO: check
+CVE-2026-24733 (Improper Input Validation vulnerability in Apache Tomcat.
Tomcat did ...)
+ TODO: check
+CVE-2026-23861 (Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x,
contain(s) an Im ...)
+ TODO: check
+CVE-2026-23648 (Glory RBG-100 recycler systems using the ISPK-08 software
component co ...)
+ TODO: check
+CVE-2026-23647 (Glory RBG-100 recycler systems using the ISPK-08 software
component co ...)
+ TODO: check
+CVE-2026-22769 (Dell RecoverPoint for Virtual Machines, versions prior to
6.0.3.1 HF1, ...)
+ TODO: check
+CVE-2026-22208 (OpenS100 (the reference implementation S-100 viewer) prior to
commit 7 ...)
+ TODO: check
+CVE-2026-1452
+ REJECTED
+CVE-2026-1216 (The RSS Aggregator plugin for WordPress is vulnerable to
Reflected Cro ...)
+ TODO: check
+CVE-2026-0102 (Under specific conditions, a malicious webpage may trigger
autofill po ...)
+ TODO: check
+CVE-2025-8303 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-7706 (Missing Authentication for Critical Function vulnerability in
TUBITAK ...)
+ TODO: check
+CVE-2025-7631 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-70846 (lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting
(XSS) on th ...)
+ TODO: check
+CVE-2025-70830 (A Server-Side Template Injection (SSTI) vulnerability in the
Freemarke ...)
+ TODO: check
+CVE-2025-70829 (An information exposure vulnerability in Datart v1.0.0-rc.3
allows aut ...)
+ TODO: check
+CVE-2025-70828 (An issue in Datart v1.0.0-rc.3 allows attackers to execute
arbitrary c ...)
+ TODO: check
+CVE-2025-70397 (jizhicms 2.5.6 is vulnerable to SQL Injection in
Article/deleteAll and ...)
+ TODO: check
+CVE-2025-67905 (Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator
and perfo ...)
+ TODO: check
+CVE-2025-66614 (Improper Input Validation vulnerability. This issue affects
Apache To ...)
+ TODO: check
+CVE-2025-65753 (An issue in the TLS certification mechanism of Guardian
Gryphon v01.06 ...)
+ TODO: check
+CVE-2025-59793 (Rocket TRUfusion Enterprise through 7.10.5 exposes the
endpoint at /ax ...)
+ TODO: check
+CVE-2025-36598 (Dell Avamar, versions prior to 19.12 with patch 338905,
contains an Im ...)
+ TODO: check
+CVE-2025-36597 (Dell Avamar, versions prior to 19.12 with patch 338905,
contains an Im ...)
+ TODO: check
+CVE-2025-36425 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 11.5 ...)
+ TODO: check
+CVE-2025-36247 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 11.5 ...)
+ TODO: check
+CVE-2025-36243 (IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side
request f ...)
+ TODO: check
+CVE-2025-36019 (IBM Concert 1.0.0 through 2.1.0 for Z hub framework is
vulnerable to c ...)
+ TODO: check
+CVE-2025-36018 (IBM Concert 1.0.0 through 2.1.0 for Z hub componentis
vulnerable to cr ...)
+
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 89d586c6 by security tracker role at 2026-02-17T08:12:55+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,19 @@ +CVE-2026-2592 (The Zarinpal Gateway for WooCommerce plugin for WordPress is vulnerabl ...) + TODO: check +CVE-2026-2439 (Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate ...) + TODO: check +CVE-2026-2002 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form B ...) + TODO: check +CVE-2026-26220 (LightLLM version 1.1.0 and prior contain an unauthenticated remote cod ...) + TODO: check +CVE-2026-1657 (The EventPrime plugin for WordPress is vulnerable to unauthorized imag ...) + TODO: check +CVE-2026-0829 (The Frontend File Manager Plugin WordPress plugin through 23.5 allows ...) + TODO: check +CVE-2025-15578 (Maypole versions from 2.10 through 2.13 for Perl generates session ids ...) + TODO: check +CVE-2025-12062 (The WP Maps \u2013 Store Locator,Google Maps,OpenStreetMap,Mapbox,List ...) + TODO: check CVE-2026-2604 - evolution-data-server NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/627 
@@ -8,7 +24,7 @@ CVE-2026-2574 - glib-networking (unimportant) NOTE: https://gitlab.gnome.org/GNOME/glib-networking/-/issues/228 NOTE: OpenSSL backend disabled by default upstream and in Debian -CVE-2026-2474 [heap buffer overflow in the XS function crypt_urandom_getrandom()] +CVE-2026-2474 (Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable t ...) - libcrypt-urandom-perl 0.55-1 [trixie] - libcrypt-urandom-perl (Minor issue) [bookworm] - libcrypt-urandom-perl (Vulnerable code introduced later in 0.41) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89d586c6529fe374119ee17fc13f4ecda41c3827 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
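Review bot: The replacement line for CVE-2026-2474 in the second hunk drops the bracketed summary "heap buffer overflow in the XS function crypt_urandom_getrandom()" in favour of a description truncated at "is vulnerable t ...", so the entry no longer names the bug class or the affected function. Consider carrying that detail into a NOTE line when the bracketed description is replaced, since the package triage lines that follow give no indication of what the issue is.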
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 02ae6243 by security tracker role at 2026-02-16T20:13:04+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,131 @@ +CVE-2026-2577 (The WhatsApp bridge component in Nanobot binds the WebSocket server to ...) + TODO: check +CVE-2026-2567 (A vulnerability was detected in Wavlink WL-NU516U1 20251208. This vuln ...) + TODO: check +CVE-2026-2566 (A security vulnerability has been detected in Wavlink WL-NU516U1 up to ...) + TODO: check +CVE-2026-2565 (A weakness has been identified in Wavlink WL-NU516U1 20251208. Affecte ...) + TODO: check +CVE-2026-2564 (A security flaw has been discovered in Intelbras VIP 3260 Z IA 2.840.0 ...) + TODO: check +CVE-2026-2563 (A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4 ...) + TODO: check +CVE-2026-2562 (A vulnerability was determined in JingDong JD Cloud Box AX6600 up to 4 ...) + TODO: check +CVE-2026-2561 (A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1. ...) + TODO: check +CVE-2026-2560 (A vulnerability has been found in kalcaddle kodbox up to 1.64.05. The ...) + TODO: check +CVE-2026-2558 (A flaw has been found in GeekAI up to 4.2.4. The affected element is t ...) + TODO: check +CVE-2026-2557 (A vulnerability was detected in cskefu up to 8.0.1. Impacted is the fu ...) + TODO: check +CVE-2026-2556 (A security vulnerability has been detected in cskefu up to 8.0.1. This ...) + TODO: check +CVE-2026-2555 (A weakness has been identified in JeecgBoot 3.9.1. This vulnerability ...) + TODO: check +CVE-2026-2553 (A security flaw has been discovered in tushar-2223 Hotel-Management-Sy ...) + TODO: check +CVE-2026-2552 (A vulnerability was identified in ZenTao up to 21.7.8. Affected by thi ...) + TODO: check +CVE-2026-2551 (A vulnerability was determined in ZenTao up to 21.7.8. Affected by thi ...) + TODO: check +CVE-2026-2550 (A vulnerability was found in EFM iptime A6004MX 14.18.2. Affected is t ...) + TODO: check +CVE-2026-2549 (A vulnerability has been found in zhanghuanhao LibrarySystem \u56fe\u4 ...) + TODO: check +CVE-2026-2548 (A flaw has been found in WAYOS FBM-220G 24.10.19. 
This affects the fun ...) + TODO: check +CVE-2026-2547 (A vulnerability was detected in LigeroSmart up to 6.1.26. The impacted ...) + TODO: check +CVE-2026-2546 (A security vulnerability has been detected in LigeroSmart up to 6.1.26 ...) + TODO: check +CVE-2026-2452 (Emails sent by pretix can utilize placeholders that will be filled wit ...) + TODO: check +CVE-2026-2451 (Emails sent by pretix can utilize placeholders that will be filled wit ...) + TODO: check +CVE-2026-2447 (Heap buffer overflow in libvpx. This vulnerability affects Firefox < 1 ...) + TODO: check +CVE-2026-2415 (Emails sent by pretix can utilize placeholders that will be filled wit ...) + TODO: check +CVE-2026-2101 (A Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAv ...) + TODO: check +CVE-2026-2032 (Malicious scripts that interrupt new tab page loading could cause desy ...) + TODO: check +CVE-2026-2001 (The WowRevenue plugin for WordPress is vulnerable to unauthorized plug ...) + TODO: check +CVE-2026-26930 (SmarterTools SmarterMail before 9526 allows XSS via MAPI requests.) + TODO: check +CVE-2026-1783 + REJECTED +CVE-2026-1335 (An Out-Of-Bounds Write vulnerability affecting the EPRT file reading p ...) + TODO: check +CVE-2026-1334 (An Out-Of-Bounds Read vulnerability affecting the EPRT file reading pr ...) + TODO: check +CVE-2026-1333 (A Use of Uninitialized Variable vulnerability affecting the EPRT file ...) + TODO: check +CVE-2026-1046 (Mattermost Desktop App versions <=6.0 6.2.0 5.2.13.0 fail to validate ...) + TODO: check +CVE-2026-0999 (Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11 ...) + TODO: check +CVE-2026-0998 (Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11 ...) + TODO: check +CVE-2026-0997 (Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11 ...) + TODO: check +CVE-2025-65717 (An issue in Visual Studio Code Extensions Live Server v5.7.9 allows at ...) 
+ TODO: check +CVE-2025-65716 (An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0 ...) + TODO: check +CVE-2025-65715 (An issue in the code-runner.executorMap setting of Visual Studio Code ...) + TODO: check +CVE-2025-59905 (Cross-Site Scripting (XSS) vulnerability reflected in Kubysoft, which ...) + TODO: check +CVE-2025-59904 (Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, which is ...) +
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2775a12f by security tracker role at 2026-02-16T08:12:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,3 +1,49 @@
+CVE-2026-2545 (A weakness has been identified in LigeroSmart up to 6.1.26.
Impacted i ...)
+ TODO: check
+CVE-2026-2544 (A security flaw has been discovered in yued-fe LuLu UI up to
3.0.0. Th ...)
+ TODO: check
+CVE-2026-2543 (A vulnerability was identified in vichan-devel vichan up to
5.1.5. Thi ...)
+ TODO: check
+CVE-2026-2542 (A weakness has been identified in Total VPN 0.5.29.0 on
Windows. Affec ...)
+ TODO: check
+CVE-2026-2538 (A security flaw has been discovered in Flos Freeware Notepad2
4.2.22/4 ...)
+ TODO: check
+CVE-2026-2537 (A vulnerability was identified in Comfast CF-E4 2.6.0.1. This
impacts ...)
+ TODO: check
+CVE-2026-2536 (A vulnerability was determined in opencc JFlow up to 20260129.
This af ...)
+ TODO: check
+CVE-2026-2535 (A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The
impacted el ...)
+ TODO: check
+CVE-2026-2534 (A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The
affect ...)
+ TODO: check
+CVE-2026-2533 (A flaw has been found in Tosei Self-service Washing Machine
4.02. Impa ...)
+ TODO: check
+CVE-2026-2532 (A vulnerability was detected in lintsinghua DeepAudit up to
3.0.3. Thi ...)
+ TODO: check
+CVE-2026-2531 (A security vulnerability has been detected in MindsDB up to
25.14.1. T ...)
+ TODO: check
+CVE-2026-2530 (A weakness has been identified in Wavlink WL-WN579A3 up to
20210219. T ...)
+ TODO: check
+CVE-2026-2529 (A security flaw has been discovered in Wavlink WL-WN579A3 up to
202102 ...)
+ TODO: check
+CVE-2026-2528 (A vulnerability was identified in Wavlink WL-WN579A3 up to
20210219. A ...)
+ TODO: check
+CVE-2026-2527 (A vulnerability was determined in Wavlink WL-WN579A3 up to
20210219. A ...)
+ TODO: check
+CVE-2026-2526 (A vulnerability was found in Wavlink WL-WN579A3 up to 20210219.
This i ...)
+ TODO: check
+CVE-2026-2525 (A vulnerability has been found in Free5GC up to 4.1.0. This
affects an ...)
+ TODO: check
+CVE-2026-2524 (A flaw has been found in Open5GS 2.7.6. The impacted element is
the fu ...)
+ TODO: check
+CVE-2026-2523 (A vulnerability was detected in Open5GS up to 2.7.6. The
affected elem ...)
+ TODO: check
+CVE-2026-2522 (A security vulnerability has been detected in Open5GS up to
2.7.6. Imp ...)
+ TODO: check
+CVE-2026-2521 (A weakness has been identified in Open5GS up to 2.7.6. This
issue affe ...)
+ TODO: check
+CVE-2026-0929 (The RegistrationMagic WordPress plugin before 6.0.7.2 does not
have p ...)
+ TODO: check
CVE-2026-2541 (The Micca KE700 system relies on a 6-bit portion of an
identifier for ...)
NOT-FOR-US: Micca KE700 system
CVE-2026-2540 (The Micca KE700 system contains flawed resynchronization logic
and is ...)
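Review bot: all 23 entries added at the top of the list (CVE-2026-2545 down to CVE-2026-0929) carry only "TODO: check", so none of them has a triage decision yet. Each one needs to end up either as a "NOT-FOR-US:" line, like the one the CVE-2026-2541 entry directly below already has for the Micca KE700 system, or as a package line with a fixed version. Several can be decided together because they share a product: the five Wavlink WL-WN579A3 entries (CVE-2026-2526 to CVE-2026-2530), the three Comfast entries (CVE-2026-2534, CVE-2026-2535, CVE-2026-2537) and the four Open5GS entries (CVE-2026-2521 to CVE-2026-2524).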
@@ -33148,12 +33194,12 @@ CVE-2025-11778 (Stack-based buffer overflow in
Circutor SGE-PLC1000/SGE-PLC50 v0
CVE-2025-10543 (In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang)
versions <=1.5 ...)
NOT-FOR-US: Eclipse Paho Go MQTT
CVE-2025-64460 (An issue was discovered in 5.2 before 5.2.9, 5.1 before
5.1.15, and 4. ...)
- {DSA-6117-1 DLA-4425-1}
+ {DSA-6136-1 DSA-6117-1 DLA-4425-1}
- python-django 3:4.2.27-1 (bug #1121788)
NOTE:
https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
NOTE: Fixed by:
https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0
(4.2.27)
CVE-2025-13372 (An issue was discovered in 5.2 before 5.2.9, 5.1 before
5.1.15, and 4. ...)
- {DSA-6117-1}
+ {DSA-6136-1 DSA-6117-1}
- python-django 3:4.2.27-1 (bug #1121788)
[bullseye] - python-django (.alias() functionality added
later)
NOTE:
https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
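Review bot: the two changed lines add DSA-6136-1 in front of DSA-6117-1 for CVE-2025-64460 and CVE-2025-13372, but the package lines under both entries are untouched and still record only python-django 3:4.2.27-1 (bug #1121788). From this hunk alone it is not visible which suite the second advisory covers or at what version, so it is worth confirming against the advisory's own record that DSA-6136-1 is a separate advisory fixing these CVEs and not a duplicate tag. The CVE-2025-13372 entry also keeps its [bullseye] line with "(.alias() functionality added later)" and lists no DLA, which is consistent and needs no change.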
@@ -39968,7 +40014,7 @@ CVE-2025-12725 (Out of bounds read in WebGPU in Google
Chrome on Android prior t
- chromium 142.0.7444.134-1
[bullseye] - chromium (see #1061268)
CVE-2025-64459 (An issue was discovered in 5.1 before 5.1.14, 4.2 before
4.2.26, and 5 ...)
- {DSA-6117-1 DLA-4425-1}
+ {DSA-6136-1 DSA-6117-1 DLA-4425-1}
- python-django 3:4.2.26-1 (bug #1120139)
NOTE:
https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
NOTE:
https://github.com/django/django/commit/98e642c69181c942d60a10ca0085d48c6b3068bb
(main)
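Review bot: CVE-2025-64459 receives the same DSA-6136-1 reference, yet its fixed version is 3:4.2.26-1 (bug #1120139) and its NOTE points at the 2025/nov/05 security release, whereas the two entries tagged in the previous hunk are fixed in 3:4.2.27-1 (bug #1121788) from the 2025/dec/02 release. One advisory spanning both upstream releases is plausible, but only the braces line changes here, so please confirm that DSA-6136-1 does include the November fix as well as the December ones.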
@@ -52816,12 +52862,12 @@ CVE-2022-50420 (In the Linux kernel, the following
vulnerability has been resolv
- linux 6.1.4-1
NOTE:
https://git.kernel.org/linus/45e6319bd5f2154d8b8c9f1eaa4ac030ba0d330c
