Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cc0c4b4c by security tracker role at 2026-02-20T20:13:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,551 @@
+CVE-2026-2854 (A flaw has been found in D-Link DWR-M960 1.01.07. This impacts
the fun ...)
+ TODO: check
+CVE-2026-2853 (A vulnerability was detected in D-Link DWR-M960 1.01.07. This
affects ...)
+ TODO: check
+CVE-2026-2852 (A vulnerability was identified in yeqifu warehouse up to
aaf29962ba407 ...)
+ TODO: check
+CVE-2026-2851 (A vulnerability was determined in yeqifu warehouse up to
aaf29962ba407 ...)
+ TODO: check
+CVE-2026-2850 (A vulnerability was found in yeqifu warehouse up to
aaf29962ba407d22d9 ...)
+ TODO: check
+CVE-2026-2849 (A vulnerability has been found in yeqifu warehouse up to
aaf29962ba407 ...)
+ TODO: check
+CVE-2026-2848 (A flaw has been found in SourceCodester Simple Responsive
Tourism Webs ...)
+ TODO: check
+CVE-2026-2847 (A vulnerability was detected in UTT HiPER 520 1.7.7-160105.
Affected i ...)
+ TODO: check
+CVE-2026-2846 (A security vulnerability has been detected in UTT HiPER 520
1.7.7-1601 ...)
+ TODO: check
+CVE-2026-2832 (Certain Samsung MultiXpress Multifunction Printers may be
vulnerable t ...)
+ TODO: check
+CVE-2026-2818 (A zip-slip path traversal vulnerability in Spring Data Geode's
import ...)
+ TODO: check
+CVE-2026-2486 (The Master Addons For Elementor plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2026-2473 (Predictable bucket naming in Vertex AI Experiments in Google
Cloud Ver ...)
+ TODO: check
+CVE-2026-2472 (Stored Cross-Site Scripting (XSS) in the
_genai/_evals_visualization c ...)
+ TODO: check
+CVE-2026-2333 (Improper Neutralization of Special Elements used in a Command
('Comman ...)
+ TODO: check
+CVE-2026-27506 (SVXportal version 2.5 and prior contain a stored cross-site
scripting ...)
+ TODO: check
+CVE-2026-27505 (SVXportal version 2.5 and prior contain a stored cross-site
scripting ...)
+ TODO: check
+CVE-2026-27504 (SVXportal version 2.5 and prior contain a reflected cross-site
scripti ...)
+ TODO: check
+CVE-2026-27503 (SVXportal version 2.5 and prior contain a reflected cross-site
scripti ...)
+ TODO: check
+CVE-2026-27502 (SVXportal version 2.5 and prior contain a reflected cross-site
scripti ...)
+ TODO: check
+CVE-2026-27115 (ADB Explorer is a fluent UI for ADB on Windows. Versions
0.9.26020 and ...)
+ TODO: check
+CVE-2026-27072 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-26747 (A Host Header Poisoning vulnerability exists in Monica 4.1.2
due to im ...)
+ TODO: check
+CVE-2026-26746 (OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI)
vulnerabilit ...)
+ TODO: check
+CVE-2026-26745 (OpenSourcePOS 3.4.1 has a second order SQL Injection
vulnerability in ...)
+ TODO: check
+CVE-2026-26725 (An issue in edu Business Solutions Print Shop Pro WebDesk
v.18.34 allo ...)
+ TODO: check
+CVE-2026-26724 (Cross Site Scripting vulnerability in Key Systems Inc Global
Facilitie ...)
+ TODO: check
+CVE-2026-26723 (Cross Site Scripting vulnerability in Key Systems Inc Global
Facilitie ...)
+ TODO: check
+CVE-2026-26722 (An issue in Key Systems Inc Global Facilities Management
Software v.20 ...)
+ TODO: check
+CVE-2026-26721 (An issue in Key Systems Inc Global Facilities Management
Software v.20 ...)
+ TODO: check
+CVE-2026-26102 (Incorrect Permission Assignment for Critical Resource in Owl
opds 2.2. ...)
+ TODO: check
+CVE-2026-26101 (Incorrect Permission Assignment for Critical Resource in Owl
opds 2.2. ...)
+ TODO: check
+CVE-2026-26100 (Incorrect Permission Assignment for Critical Resource in Owl
opds 2.2. ...)
+ TODO: check
+CVE-2026-26099 (Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows
Leveraging ...)
+ TODO: check
+CVE-2026-26098 (Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows
Leveraging ...)
+ TODO: check
+CVE-2026-26097 (Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows
Leveraging ...)
+ TODO: check
+CVE-2026-26096 (Incorrect Permission Assignment for Critical Resource in Owl
opds 2.2. ...)
+ TODO: check
+CVE-2026-26095 (Incorrect Permission Assignment for Critical Resource in Owl
opds 2.2. ...)
+ TODO: check
+CVE-2026-26093 (Improper Neutralization of Special Elements used in a Command
('Comman ...)
+ TODO: check
+CVE-2026-26050 (The installer for
\u30b8\u30e7\u30d6\u30ed\u30b0\u96c6\u8a08/\u5206\u6 ...)
+ TODO: check
+CVE-2026-26049 (The web management interface of the device renders the
passwords in a ...)
+ TODO: check
+CVE-2026-26048 (The Wi-Fi router is vulnerable to de-authentication attacks
due to the ...)
+ TODO: check
+CVE-2026-25715 (The web management interface of the device allows the
administrator u ...)
+ TODO: check
+CVE-2026-24959 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2026-24956 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2026-24955 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-24953 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2026-24950 (Authorization Bypass Through User-Controlled Key vulnerability
in them ...)
+ TODO: check
+CVE-2026-24949 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-24948 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-24946 (Missing Authorization vulnerability in tychesoftwares Print
Invoice & ...)
+ TODO: check
+CVE-2026-24944 (Missing Authorization vulnerability in weDevs Subscribe2
subscribe2 al ...)
+ TODO: check
+CVE-2026-24943 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-24941 (Missing Authorization vulnerability in wpjobportal WP Job
Portal wp-jo ...)
+ TODO: check
+CVE-2026-24891 (openITCOCKPIT is an open source monitoring tool built for
different mo ...)
+ TODO: check
+CVE-2026-24790 (The underlying PLC of the device can be remotely influenced,
without p ...)
+ TODO: check
+CVE-2026-24455 (The embedded web interface of the device does not support
HTTPS/TLS fo ...)
+ TODO: check
+CVE-2026-22885 (A vulnerability exists in EnOcean SmartServer IoT version
4.60.009 and ...)
+ TODO: check
+CVE-2026-22384 (Deserialization of Untrusted Data vulnerability in leafcolor
Applay - ...)
+ TODO: check
+CVE-2026-22383 (Authorization Bypass Through User-Controlled Key vulnerability
in Mika ...)
+ TODO: check
+CVE-2026-22381 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-22380 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-22379 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-22378 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-22377 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-22376 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-22375 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-22374 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-22373 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-22372 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-22371 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-22370 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-22369 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-22368 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-22367 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-22366 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-22365 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-22364 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-22363 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-22362 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-22361 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-22357 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-22356 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-22354 (Deserialization of Untrusted Data vulnerability in Dotstore
Woocommerc ...)
+ TODO: check
+CVE-2026-22352 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-22351 (Missing Authorization vulnerability in Marcus (aka @msykes) WP
FullCal ...)
+ TODO: check
+CVE-2026-22350 (Missing Authorization vulnerability in add-ons.org PDF for
Elementor F ...)
+ TODO: check
+CVE-2026-22346 (Deserialization of Untrusted Data vulnerability in A WP Life
Slider Re ...)
+ TODO: check
+CVE-2026-22345 (Deserialization of Untrusted Data vulnerability in A WP Life
Image Gal ...)
+ TODO: check
+CVE-2026-22344 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-22341 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
+ TODO: check
+CVE-2026-21627 (The vulnerability was rooted in how the Tassos Framework
plugin handle ...)
+ TODO: check
+CVE-2026-21620 (Relative Path Traversal, Improper Isolation or
Compartmentalization vu ...)
+ TODO: check
+CVE-2026-20761 (A vulnerability exists in EnOcean SmartServer IoT version
4.60.009 and ...)
+ TODO: check
+CVE-2026-1842 (HyperCloud versions 2.3.5 through 2.6.8 improperly allowed
refresh tok ...)
+ TODO: check
+CVE-2025-70833 (An Authentication Bypass vulnerability in Smanga 3.2.7 allows
an unaut ...)
+ TODO: check
+CVE-2025-70831 (A Remote Code Execution (RCE) vulnerability was found in
Smanga 3.2.7 ...)
+ TODO: check
+CVE-2025-69410 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-69409 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-69408 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-69407 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-69406 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-69405 (Deserialization of Untrusted Data vulnerability in ThemeREX
Lorem Ipsu ...)
+ TODO: check
+CVE-2025-69404 (Deserialization of Untrusted Data vulnerability in ThemeREX
Extreme St ...)
+ TODO: check
+CVE-2025-69403 (Unrestricted Upload of File with Dangerous Type vulnerability
in Bravi ...)
+ TODO: check
+CVE-2025-69402 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-69401 (Authentication Bypass by Spoofing vulnerability in mdalabar
WooODT Lit ...)
+ TODO: check
+CVE-2025-69400 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-69399 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-69398 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-69397 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-69396 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-69395 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-69394 (Authorization Bypass Through User-Controlled Key vulnerability
in cnvr ...)
+ TODO: check
+CVE-2025-69393 (Missing Authorization vulnerability in Jthemes Exzo exzo
allows Exploi ...)
+ TODO: check
+CVE-2025-69392 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-69391 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-69390 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-69389 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-69388 (Missing Authorization vulnerability in cliengo Cliengo \u2013
Chatbot ...)
+ TODO: check
+CVE-2025-69387 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-69386 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-69385 (Missing Authorization vulnerability in AgniHD Cartify -
WooCommerce Gu ...)
+ TODO: check
+CVE-2025-69384 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-69383 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-69382 (Deserialization of Untrusted Data vulnerability in themesflat
Themesfl ...)
+ TODO: check
+CVE-2025-69381 (Missing Authorization vulnerability in vanquish WooCommerce
Bulk Produ ...)
+ TODO: check
+CVE-2025-69380 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-69379 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-69378 (Incorrect Privilege Assignment vulnerability in
XforWooCommerce Produc ...)
+ TODO: check
+CVE-2025-69377 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-69376 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-69375 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-69374 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-69373 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-69372 (Deserialization of Untrusted Data vulnerability in
AncoraThemes SevenH ...)
+ TODO: check
+CVE-2025-69371 (Deserialization of Untrusted Data vulnerability in
AncoraThemes Kindly ...)
+ TODO: check
+CVE-2025-69370 (Deserialization of Untrusted Data vulnerability in ThemeGoods
Capella ...)
+ TODO: check
+CVE-2025-69368 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-69367 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-69366 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-69365 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-69337 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-69330 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-69329 (Deserialization of Untrusted Data vulnerability in Jthemes
Prestige pr ...)
+ TODO: check
+CVE-2025-69328 (Deserialization of Untrusted Data vulnerability in
magepeopleteam Book ...)
+ TODO: check
+CVE-2025-69326 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-69325 (Path Traversal: '.../...//' vulnerability in primersoftware
Primer MyD ...)
+ TODO: check
+CVE-2025-69324 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-69323 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-69322 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-69310 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-69309 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-69308 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-69307 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-69306 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-69305 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-69304 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-69303 (Missing Authorization vulnerability in modeltheme ModelTheme
Framework ...)
+ TODO: check
+CVE-2025-69302 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-69301 (Deserialization of Untrusted Data vulnerability in ThemeGoods
PhotoMe ...)
+ TODO: check
+CVE-2025-69299 (Server-Side Request Forgery (SSRF) vulnerability in Laborator
Oxygen o ...)
+ TODO: check
+CVE-2025-69298 (Missing Authorization vulnerability in GhostPool Gauge gauge
allows Ex ...)
+ TODO: check
+CVE-2025-69297 (Missing Authorization vulnerability in GhostPool Aardvark
Plugin aardv ...)
+ TODO: check
+CVE-2025-69296 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-69295 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-69294 (Deserialization of Untrusted Data vulnerability in fuelthemes
PeakShop ...)
+ TODO: check
+CVE-2025-69063 (Missing Authorization vulnerability in Saad Iqbal New User
Approve new ...)
+ TODO: check
+CVE-2025-69011 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68895 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
+ TODO: check
+CVE-2025-68880 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68863 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68862 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-68856 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68855 (Insertion of Sensitive Information Into Sent Data
vulnerability in the ...)
+ TODO: check
+CVE-2025-68854 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68853 (Deserialization of Untrusted Data vulnerability in Kleor
Contact Manag ...)
+ TODO: check
+CVE-2025-68852 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68848 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68847 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68846 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68845 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68844 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68843 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68842 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68841 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-68837 (Missing Authorization vulnerability in ELEXtensions ELEX
WordPress Hel ...)
+ TODO: check
+CVE-2025-68834 (Missing Authorization vulnerability in Saiful Islam Sync
Master Sheet ...)
+ TODO: check
+CVE-2025-68564 (Missing Authorization vulnerability in sendy Sendy sendy
allows Exploi ...)
+ TODO: check
+CVE-2025-68552 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-68549 (Unrestricted Upload of File with Dangerous Type vulnerability
in zozot ...)
+ TODO: check
+CVE-2025-68545 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-68543 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-68542 (Missing Authorization vulnerability in vgdevsolutions Checkout
Gateway ...)
+ TODO: check
+CVE-2025-68541 (Deserialization of Untrusted Data vulnerability in BoldThemes
Ippsum i ...)
+ TODO: check
+CVE-2025-68539 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-68536 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-68534 (Missing Authorization vulnerability in add-ons.org PDF for
WPForms pdf ...)
+ TODO: check
+CVE-2025-68531 (Deserialization of Untrusted Data vulnerability in modeltheme
ModelThe ...)
+ TODO: check
+CVE-2025-68526 (Deserialization of Untrusted Data vulnerability in A WP Life
Modal Pop ...)
+ TODO: check
+CVE-2025-68514 (Authorization Bypass Through User-Controlled Key vulnerability
in Cozm ...)
+ TODO: check
+CVE-2025-68501 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68495 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68069 (Missing Authorization vulnerability in wpWax Directorist
directorist a ...)
+ TODO: check
+CVE-2025-68051 (Authorization Bypass Through User-Controlled Key vulnerability
in Ship ...)
+ TODO: check
+CVE-2025-68050 (Missing Authorization vulnerability in Leadpages Leadpages
leadpages a ...)
+ TODO: check
+CVE-2025-68048 (Missing Authorization vulnerability in XLPlugins NextMove Lite
woo-tha ...)
+ TODO: check
+CVE-2025-68043 (Missing Authorization vulnerability in LottieFiles LottieFiles
lottief ...)
+ TODO: check
+CVE-2025-68042 (Missing Authorization vulnerability in Travelpayouts
Travelpayouts tra ...)
+ TODO: check
+CVE-2025-68037 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68032 (Missing Authorization vulnerability in Passionate Brains
Advanced WC A ...)
+ TODO: check
+CVE-2025-68031 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68028 (Missing Authorization vulnerability in Passionate Brains
GA4WP: Google ...)
+ TODO: check
+CVE-2025-68026 (Missing Authorization vulnerability in Niaj Morshed LC Wizard
ghl-wiza ...)
+ TODO: check
+CVE-2025-68025 (Missing Authorization vulnerability in Addonify Addonify
Floating Cart ...)
+ TODO: check
+CVE-2025-68024 (Missing Authorization vulnerability in Addonify Addonify
\u2013 WooCom ...)
+ TODO: check
+CVE-2025-68023 (Missing Authorization vulnerability in Addonify Addonify
– Compa ...)
+ TODO: check
+CVE-2025-68022 (Missing Authorization vulnerability in soporteblue Plugin
BlueX for Wo ...)
+ TODO: check
+CVE-2025-68021 (Missing Authorization vulnerability in ConveyThis ConveyThis
conveythi ...)
+ TODO: check
+CVE-2025-68005 (Missing Authorization vulnerability in themewant Easy Hotel
Booking ea ...)
+ TODO: check
+CVE-2025-68002 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-68000 (Missing Authorization vulnerability in PickPlugins Testimonial
Slider ...)
+ TODO: check
+CVE-2025-67998 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
+ TODO: check
+CVE-2025-67997 (Deserialization of Untrusted Data vulnerability in BoldThemes
Travelic ...)
+ TODO: check
+CVE-2025-67996 (Deserialization of Untrusted Data vulnerability in BoldThemes
Nestin n ...)
+ TODO: check
+CVE-2025-67995 (Deserialization of Untrusted Data vulnerability in LoftOcean
PatioTime ...)
+ TODO: check
+CVE-2025-67994 (Missing Authorization vulnerability in YayCommerce YayCurrency
yaycurr ...)
+ TODO: check
+CVE-2025-67993 (Missing Authorization vulnerability in Vito Peleg Atarim
atarim-visual ...)
+ TODO: check
+CVE-2025-67992 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-67991 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-67990 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-67988 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-67987 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-67984 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-67982 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-67981 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-67980 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-67979 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2025-67978 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-67977 (Missing Authorization vulnerability in VillaTheme HAPPY
happy-helpdesk ...)
+ TODO: check
+CVE-2025-67975 (Missing Authorization vulnerability in aDirectory aDirectory
adirector ...)
+ TODO: check
+CVE-2025-67974 (Missing Authorization vulnerability in WP Legal Pages
WPLegalPages wpl ...)
+ TODO: check
+CVE-2025-67973 (Missing Authorization vulnerability in sunshinephotocart
Sunshine Phot ...)
+ TODO: check
+CVE-2025-67972 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-67971 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-67970 (Missing Authorization vulnerability in vertim Schedula
schedula-smart- ...)
+ TODO: check
+CVE-2025-67969 (Missing Authorization vulnerability in knitpay UPI QR Code
Payment Gat ...)
+ TODO: check
+CVE-2025-67624 (Missing Authorization vulnerability in Arya Dhiratara Optimize
More! & ...)
+ TODO: check
+CVE-2025-67547 (Missing Authorization vulnerability in uixthemes Konte konte
allows Ex ...)
+ TODO: check
+CVE-2025-67438 (A Stored Cross-Site Scripting (XSS) vulnerability in Sync-in
Server be ...)
+ TODO: check
+CVE-2025-60183 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-60087 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53237 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-53233 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-53231 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-53228 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-53217 (Missing Authorization vulnerability in staviravn AIO WP
Builder all-in ...)
+ TODO: check
+CVE-2025-52744 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2025-52603 (HCL Connections is vulnerable to information disclosure. In a
very sp ...)
+ TODO: check
+CVE-2025-15583 (A weakness has been identified in detronetdip E-commerce
1.0.0. This a ...)
+ TODO: check
+CVE-2025-15582 (A security flaw has been discovered in detronetdip E-commerce
1.0.0. T ...)
+ TODO: check
+CVE-2025-14547 (An integer underflow vulnerability is present in Silicon
Lab\u2019s im ...)
+ TODO: check
+CVE-2025-14055 (An integer underflow vulnerability in Silicon Labs Secure NCP
host imp ...)
+ TODO: check
+CVE-2025-10970 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-56208 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-54222 (Missing Authorization vulnerability in Seraphinite Solutions
Seraphini ...)
+ TODO: check
+CVE-2024-52387 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-51915 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-50555 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-50452 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-43228 (Missing Authorization vulnerability in SecuPress SecuPress
Free secupr ...)
+ TODO: check
+CVE-2024-34438 (Missing Authorization vulnerability in Anssi Laitila Shared
Files shar ...)
+ TODO: check
+CVE-2019-25445 (Fiverr Clone Script 1.2.2 contains a cross-site scripting
vulnerabilit ...)
+ TODO: check
+CVE-2019-25444 (Fiverr Clone Script 1.2.2 contains an SQL injection
vulnerability that ...)
+ TODO: check
CVE-2026-2825 (A vulnerability has been found in rachelos WeRSS we-mp-rss up
to 1.4.8 ...)
NOT-FOR-US: rachelos WeRSS we-mp-rss
CVE-2026-2824 (A flaw has been found in Comfast CF-E7 2.6.0.9. This affects
the funct ...)
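Review bot: The added descriptions in this hunk encode non-ASCII text inconsistently. CVE-2026-26050 carries literal escapes (\u30b8\u30e7...), CVE-2025-68024 and CVE-2025-69388 carry \u2013, CVE-2025-14547 reads "Lab\u2019s", and CVE-2025-68023 has the byte sequence "–" at the point where its sibling CVE-2025-68024 has \u2013. Suggest decoding the escapes and normalising to UTF-8 in the import step, so that a search on a product name matches every entry for that product. Separately, every entry added here lands as "TODO: check", so none of them has a triage decision yet; the unchanged entries just below (for example "NOT-FOR-US: rachelos WeRSS we-mp-rss") show the form each one still needs.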
@@ -1071,12 +1619,15 @@ CVE-2019-25349 (ScadaApp for iOS 1.1.4.0 contains a
denial of service vulnerabil
CVE-2019-25326 (ipPulse 1.92 contains a denial of service vulnerability that
allows lo ...)
NOT-FOR-US: ipPulse
CVE-2026-2650 (Heap buffer overflow in Media in Google Chrome prior to
145.0.7632.109 ...)
+ {DSA-6146-1}
- chromium 145.0.7632.109-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-2649 (Integer overflow in V8 in Google Chrome prior to 145.0.7632.109
allowe ...)
+ {DSA-6146-1}
- chromium 145.0.7632.109-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-2648 (Heap buffer overflow in PDFium in Google Chrome prior to
145.0.7632.10 ...)
+ {DSA-6146-1}
- chromium 145.0.7632.109-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-2681 (A flaw was found in the blst cryptographic library. This
out-of-bounds ...)
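Review bot: The {DSA-6146-1} lines added under CVE-2026-2650, CVE-2026-2649 and CVE-2026-2648 are cross-references only, and this commit changes a single file (data/CVE/list), so the advisory record they point to is not visible in the diff. Worth confirming that DSA-6146-1 names exactly these three CVEs and that its fixed versions correspond to the upstream fix in "- chromium 145.0.7632.109-1". bullseye stays at <end-of-life> in all three entries, so it should not appear in the advisory.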
@@ -3685,6 +4236,7 @@ CVE-2020-37104 (ASTPP 4.0.1 contains an information
disclosure vulnerability tha
CVE-2019-25313 (FlexNet Publisher 11.12.1 contains a cross-site request
forgery vulner ...)
NOT-FOR-US: FlexNet Publisher
CVE-2026-25990 (Pillow is a Python imaging library. From 10.3.0 to before
12.1.1, n ou ...)
+ {DSA-6147-1}
- pillow 12.1.1-1 (bug #1127925)
[bookworm] - pillow <not-affected> (Vulnerable code introduced later)
[bullseye] - pillow <not-affected> (Vulnerable code introduced later)
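Review bot: The {DSA-6147-1} line added under CVE-2026-25990 sits above two suite lines that both read <not-affected> (bookworm and bullseye), so nothing visible in this hunk shows which release the advisory actually fixes. Suggest checking that the DSA record covers only a suite shipping pillow in the range the description gives as vulnerable (from 10.3.0 to before 12.1.1) and that it refers to the same fix as "- pillow 12.1.1-1 (bug #1127925)".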
@@ -148057,7 +148609,7 @@ CVE-2024-55952 (DataEase is an open source business
analytics tool. Authenticate
NOT-FOR-US: DataEase
CVE-2024-55492 (Winmail Server 4.4 is vulnerable to
f_user=%22%3E%3Csvg%20onload Cross ...)
NOT-FOR-US: Winmail Server
-CVE-2024-55089 (Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery
(SSRF) in t ...)
+CVE-2024-55089 (Rhymix before 2.1.24 is vulnerable to Server-Side Request
Forgery (SSR ...)
NOT-FOR-US: Rhymix CMS
CVE-2024-55088 (GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request
Forgery ( ...)
NOT-FOR-US: GetSimple CMS CE
@@ -424158,8 +424710,8 @@ CVE-2021-35404
RESERVED
CVE-2021-35403
RESERVED
-CVE-2021-35402
- RESERVED
+CVE-2021-35402 (PROLiNK PRC2402M 20190909 before 2021-06-13 allows
live_api.cgi?page=s ...)
+ TODO: check
CVE-2021-35401
RESERVED
CVE-2021-35400
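Review bot: CVE-2021-35402 moves from RESERVED to a published description with "TODO: check" while its neighbours CVE-2021-35403 and CVE-2021-35401 stay RESERVED, so it needs individual triage rather than being treated as part of a batch. The description names PROLiNK PRC2402M firmware and a live_api.cgi endpoint; if no Debian source package ships that firmware, the entry should get a NOT-FOR-US line in the same form as the other entries in this file (for example "NOT-FOR-US: Rhymix CMS").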
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc0c4b4c07d65998c0daaef972ea675e6c6fb80b