Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
30e4cee4 by security tracker role at 2026-06-23T07:13:08+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,167 @@
+CVE-2026-8379 (The Frontend File Manager Plugin WordPress plugin through 23.6
does no ...)
+ TODO: check
+CVE-2026-8378 (The Frontend File Manager Plugin WordPress plugin through 23.6
does no ...)
+ TODO: check
+CVE-2026-8172 (The Simple Basic Contact Form WordPress plugin through 20250114
does n ...)
+ TODO: check
+CVE-2026-8163 (The Infility Global WordPress plugin before 2.15.19 does not
properly ...)
+ TODO: check
+CVE-2026-7842 (The Infility Global Infility Global WordPress plugin before
2.15.20 fo ...)
+ TODO: check
+CVE-2026-56698 (Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to
validat ...)
+ TODO: check
+CVE-2026-56697 (Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept
protocol ...)
+ TODO: check
+CVE-2026-56357 (n8n before 1.123.15 and 2.5.0 contains a webhook forgery
vulnerability ...)
+ TODO: check
+CVE-2026-56348 (n8n before 2.20.0 contains a credential exfiltration
vulnerability in ...)
+ TODO: check
+CVE-2026-56326 (Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain
a serve ...)
+ TODO: check
+CVE-2026-56324 (Capgo before 12.128.2 contains a rate limit bypass
vulnerability in th ...)
+ TODO: check
+CVE-2026-56323 (Capgo before 12.128.2 contains an information disclosure
vulnerability ...)
+ TODO: check
+CVE-2026-56321 (Capgo (backend Supabase edge functions) before 12.128.2 does
not apply ...)
+ TODO: check
+CVE-2026-56314 (Capgo before 12.128.12 fails to filter deleted app versions
when joini ...)
+ TODO: check
+CVE-2026-56311 (Capgo before 12.128.2 contains an authorization bypass
vulnerability i ...)
+ TODO: check
+CVE-2026-56306 (Capgo before 12.128.2 contains a weak parsing vulnerability in
the x-l ...)
+ TODO: check
+CVE-2026-56280 (Cap-go before 12.128.2 contains a privilege inversion
vulnerability in ...)
+ TODO: check
+CVE-2026-56268 (Flowise before 3.1.2 contains an information disclosure
vulnerability ...)
+ TODO: check
+CVE-2026-56266 (Crawl4AI before 0.8.7 contains a server-side request forgery
vulnerabi ...)
+ TODO: check
+CVE-2026-56255 (Capgo before 12.128.2 contains a denial of service
vulnerability in th ...)
+ TODO: check
+CVE-2026-56221 (Cap-go before 12.128.2 contains multiple SQL injection
vulnerabilities ...)
+ TODO: check
+CVE-2026-55655 (A flaw was found in OpenSSH. A local unprivileged attacker on
a Linux ...)
+ TODO: check
+CVE-2026-55654 (A flaw was found in OpenSSH. This vulnerability, a heap
out-of-bounds ...)
+ TODO: check
+CVE-2026-55653 (A flaw was found in OpenSSH. A malicious SSH server can
exploit a doub ...)
+ TODO: check
+CVE-2026-55603 (http-proxy-middleware is node.js http-proxy middleware. From
3.0.4 unt ...)
+ TODO: check
+CVE-2026-55599 (phpseclib is a PHP secure communications library. From 0.1.1
until 1.0 ...)
+ TODO: check
+CVE-2026-55409 (Filament is a collection of full-stack components for
accelerated Lara ...)
+ TODO: check
+CVE-2026-54911 (UltraJSON is a fast JSON encoder and decoder written in pure C
with bi ...)
+ TODO: check
+CVE-2026-54651 (pypdf is a free and open-source pure-python PDF library. Prior
to 6.13 ...)
+ TODO: check
+CVE-2026-54531 (pypdf is a free and open-source pure-python PDF library. Prior
to 6.13 ...)
+ TODO: check
+CVE-2026-54530 (pypdf is a free and open-source pure-python PDF library. Prior
to 6.13 ...)
+ TODO: check
+CVE-2026-54281 (Nest is a framework for building scalable Node.js server-side
applicat ...)
+ TODO: check
+CVE-2026-54236 (vLLM is an inference and serving engine for large language
models (LLM ...)
+ TODO: check
+CVE-2026-54235 (vLLM is an inference and serving engine for large language
models (LLM ...)
+ TODO: check
+CVE-2026-54233 (vLLM is an inference and serving engine for large language
models (LLM ...)
+ TODO: check
+CVE-2026-54232 (vLLM is an inference and serving engine for large language
models (LLM ...)
+ TODO: check
+CVE-2026-53923 (vLLM is an inference and serving engine for large language
models (LLM ...)
+ TODO: check
+CVE-2026-49468 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in
OpenAI (or ...)
+ TODO: check
+CVE-2026-49461 (pypdf is a free and open-source pure-python PDF library. Prior
to 6.12 ...)
+ TODO: check
+CVE-2026-49460 (pypdf is a free and open-source pure-python PDF library. Prior
to 6.12 ...)
+ TODO: check
+CVE-2026-48746 (vLLM is an inference and serving engine for large language
models (LLM ...)
+ TODO: check
+CVE-2026-48517 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
+ TODO: check
+CVE-2026-48516 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
+ TODO: check
+CVE-2026-48515 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
+ TODO: check
+CVE-2026-48514 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
+ TODO: check
+CVE-2026-48513 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
+ TODO: check
+CVE-2026-48512 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
+ TODO: check
+CVE-2026-48511 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
+ TODO: check
+CVE-2026-48510 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
+ TODO: check
+CVE-2026-48509 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
+ TODO: check
+CVE-2026-48506 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
+ TODO: check
+CVE-2026-48505 (Filament is a collection of full-stack components for
accelerated Lara ...)
+ TODO: check
+CVE-2026-48502 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
+ TODO: check
+CVE-2026-48500 (Filament is a collection of full-stack components for
accelerated Lara ...)
+ TODO: check
+CVE-2026-48167 (Filament is a collection of full-stack components for
accelerated Lara ...)
+ TODO: check
+CVE-2026-48166 (Filament is a collection of full-stack components for
accelerated Lara ...)
+ TODO: check
+CVE-2026-48109 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
+ TODO: check
+CVE-2026-48067 (Filament is a collection of full-stack components for
accelerated Lara ...)
+ TODO: check
+CVE-2026-47242 (Net::IMAP implements Internet Message Access Protocol (IMAP)
client fu ...)
+ TODO: check
+CVE-2026-47241 (Net::IMAP implements Internet Message Access Protocol (IMAP)
client fu ...)
+ TODO: check
+CVE-2026-47240 (Net::IMAP implements Internet Message Access Protocol (IMAP)
client fu ...)
+ TODO: check
+CVE-2026-47155 (vLLM is an inference and serving engine for large language
models (LLM ...)
+ TODO: check
+CVE-2026-45034 (PhpSpreadsheet is a pure PHP library for reading and writing
spreadshe ...)
+ TODO: check
+CVE-2026-44889 (WebOb provides objects for HTTP requests and responses. Prior
to 1.8.1 ...)
+ TODO: check
+CVE-2026-44727 (Jupyter Server is the backend for Jupyter web applications.
Prior to 2 ...)
+ TODO: check
+CVE-2026-44311 (Fabric.js is a Javascript HTML5 canvas library. Prior to
7.4.0, a pote ...)
+ TODO: check
+CVE-2026-44274 (Dell Wyse Management Suite (WMS), versions prior to WMS 2605,
contain ...)
+ TODO: check
+CVE-2026-44273 (Dell Wyse Management Suite (WMS), versions prior to WMS 2605,
contain ...)
+ TODO: check
+CVE-2026-44272 (Dell Wyse Management Suite (WMS), versions prior to WMS 2605,
contain ...)
+ TODO: check
+CVE-2026-44271 (Dell Wyse Management Suite (WMS), versions prior to WMS 2605,
contain ...)
+ TODO: check
+CVE-2026-41523 (vLLM is an inference and serving engine for large language
models (LLM ...)
+ TODO: check
+CVE-2026-41479 (Authlib is a Python library which builds OAuth and OpenID
Connect serv ...)
+ TODO: check
+CVE-2026-39904 (Gophish through 0.12.1 contains a denial of service
vulnerability that ...)
+ TODO: check
+CVE-2026-12866 (All versions of the package expr-eval are vulnerable to Code
Execution ...)
+ TODO: check
+CVE-2026-11833 (Overview: A vulnerability has been found in FAST/TOOLS and CI
Server. ...)
+ TODO: check
+CVE-2026-10852 (IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application
Server, and IB ...)
+ TODO: check
+CVE-2026-10658 (A missing length validation in the Zephyr Bluetooth Host ISO
receive p ...)
+ TODO: check
+CVE-2026-10651 (A malformed Bluetooth Classic SDP attribute can trigger a
reachable as ...)
+ TODO: check
+CVE-2026-10645 (Zephyr's ext2 directory-entry parser does not fully validate
on-disk d ...)
+ TODO: check
+CVE-2025-71358 (picklescan before 0.0.29 fails to detect malicious pickle
files that e ...)
+ TODO: check
+CVE-2025-71344 (picklescan before 0.0.30 (affected versions 0.0.26 and
earlier) fails ...)
+ TODO: check
+CVE-2025-71339 (Picklescan before 0.0.33 fails to detect the
numpy.f2py.crackfortran._ ...)
+ TODO: check
CVE-2026-9610 (IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator
9.1.7, 9 ...)
NOT-FOR-US: IBM
CVE-2026-9320 (IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere
Applic ...)
@@ -1199,7 +1363,7 @@ CVE-2026-55766
- php-guzzlehttp-psr7 2.12.1-1
[trixie] - php-guzzlehttp-psr7 <no-dsa> (Minor issue)
NOTE:
https://github.com/guzzle/psr7/security/advisories/GHSA-vm85-hxw5-5432
-CVE-2026-48931
+CVE-2026-48931 (A flaw in Node.js HTTP Agent can cause a client to accept as
valid a r ...)
- nodejs 24.17.0+dfsg+~cs24.13.2-1
NOTE:
https://nodejs.org/en/blog/vulnerability/june-2026-security-releases#http-response-queue-poisoning-via-toctou-race-condition-in-httpagent-cve-2026-48931---low
NOTE:
https://github.com/nodejs/node/commit/0a22d40180cb796e0d68e94c1a7a8a05a8f47c10
(v22.23.0)
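Review bot: the refreshed CVE-2026-48931 entry records a fixed unstable version but no stable-suite annotation, unlike the php-guzzlehttp-psr7 entry just above it, which carries `[trixie] - php-guzzlehttp-psr7 <no-dsa> (Minor issue)`. The upstream advisory anchor in the NOTE URL ends in `---low`, so a `<no-dsa> (Minor issue)` line for the suites shipping nodejs would be consistent, or the entry should state why the stable packages are unaffected. The referenced commit is annotated `(v22.23.0)` while the Debian fixed version is a 24.x package (`24.17.0+dfsg+~cs24.13.2-1`); pointing the NOTE at the commit in the 24.x release line, or confirming that 24.17.0 contains the fix, would make the version claim checkable.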
@@ -1245,6 +1409,7 @@ CVE-2026-9158 (In Eclipse 4diac FORTE versions 3.0.0 to
3.1.0, a specially craft
CVE-2026-8811 (SEPPmail versions before 15.0.5 allow improper handling of
attachment ...)
NOT-FOR-US: SEPPmail
CVE-2026-8461 (An out-of-bounds write vulnerability in FFmpeg's libavcodec
library, s ...)
+ {DSA-6361-1}
- ffmpeg 7:8.1.2-1
NOTE: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23159
NOTE: Fixed by:
https://git.ffmpeg.org/gitweb/ffmpeg.git/c23d4da3128c279b714b282e6ec292e8755007e3
(master)
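Review bot: adding `{DSA-6361-1}` to CVE-2026-8461 presumes a matching DSA-6361-1 record for ffmpeg, but this commit touches only data/CVE/list (the header lists one changed file), so either that DSA/list entry already exists from an earlier commit or it still needs to follow; worth confirming before the cross-reference is relied on. The "Fixed by" NOTE also stops at `(master)`; since the unstable fixed version is `7:8.1.2-1`, recording the 8.1.x release tag that carries c23d4da3 would let the fixed-version claim be verified against upstream.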
@@ -44835,6 +45000,7 @@ CVE-2026-30999 (A heap buffer overflow in the
av_bprint_finalize() function of F
CVE-2026-30998 (An improper resource deallocation and closure vulnerability in
the too ...)
NOTE: Bogus CVE assignment for ffmpeg, gets cleaned up by the OS anyway
CVE-2026-30997 (An out-of-bounds read in the read_global_param() function
(libavcodec/ ...)
+ {DSA-6361-1}
- ffmpeg <unfixed>
[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in
the 5.1 branch)
[bullseye] - ffmpeg <postponed> (Minor issue)
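Review bot: CVE-2026-30997 now carries `{DSA-6361-1}` while its unstable line still reads `- ffmpeg <unfixed>`, an unusual combination: if the DSA shipped the fix for the stable suite, the corresponding unstable version should be recorded too, and if the fix genuinely is not in unstable yet the entry should say so explicitly rather than leave `<unfixed>` next to a DSA marker. The `[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)` line also needs a look: if DSA-6361-1 included a bookworm update the postponement is now stale and should go; if the DSA was for stable only, the line can stay as is.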
@@ -49122,7 +49288,7 @@ CVE-2026-34986 (Go JOSE provides an implementation of
the Javascript Object Sign
NOTE:
https://github.com/go-jose/go-jose/commit/02464163e1e891db85257cb8860978a1c0226016
(v3.0.5)
CVE-2026-34981 (The whisperX API is a tool for enhancing and analyzing audio
content. ...)
NOT-FOR-US: whisperX API
-CVE-2026-34977 (Aperi'Solve is an open-source steganalysis web platform. Prior
to 3.2. ...)
+CVE-2026-34977 (Aperi'Solve is an open-source steganalysis web platform. In
versions 3 ...)
NOT-FOR-US: AperiSolve
CVE-2026-34976 (Dgraph is an open source distributed GraphQL database. Prior
to 25.3.1 ...)
NOT-FOR-US: Dgraph
@@ -202566,7 +202732,7 @@ CVE-2025-25054 (Movable Type contains a reflected
cross-site scripting vulnerabi
CVE-2025-24841 (Movable Type contains a stored cross-site scripting
vulnerability in t ...)
- movabletype-opensource <removed>
CVE-2025-22921 (FFmpeg git-master,N-113007-g8d24a28d06 was discovered to
contain a seg ...)
- {DLA-4073-1}
+ {DSA-6361-1 DLA-4073-1}
- ffmpeg 7:8.0.1-2
[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in
the 5.1 branch)
NOTE: https://trac.ffmpeg.org/ticket/11393
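Review bot: this is the third entry in the commit tagged `{DSA-6361-1}` (alongside CVE-2026-8461 and CVE-2026-30997), so the DSA-6361-1 record should list all three CVEs; CVE-2025-22921 differs from the other two in already carrying `{DLA-4073-1}` and an unstable fix at `7:8.0.1-2`, with bookworm still `<postponed>`, so if the DSA also covered bookworm that postponement line should be dropped here as well. The only NOTE is the trac ticket 11393; adding the fixing commit, as the CVE-2026-8461 entry does with its "Fixed by" NOTE, would let the DSA and DLA fixes be traced to upstream code.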
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30e4cee46a90cdb3866580dff2c04fc6bc10b61c
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits