Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
face9692 by security tracker role at 2026-06-30T19:17:53+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,227 @@
+CVE-2026-9711 (The EventON - WordPress Virtual Event Calendar Plugin plugin
for WordP ...)
+ TODO: check
+CVE-2026-9263 (The Zephyr Bluetooth controller ISO Adaptation Layer
(subsys/bluetooth ...)
+ TODO: check
+CVE-2026-8864 (The HP Fan Control App might allow local escalation of
privileges. An ...)
+ TODO: check
+CVE-2026-8655 (Multiple Memory overflow vulnerabilities inNetScaler ADC and
NetScaler ...)
+ TODO: check
+CVE-2026-8452 (Memory overflow vulnerabilityNetScaler ADC and NetScaler
Gatewayleadin ...)
+ TODO: check
+CVE-2026-8451 (Insufficient input validation inNetScaler ADC and NetScaler
Gatewaylea ...)
+ TODO: check
+CVE-2026-8403 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-8402 (Improper neutralization of special elements used in an SQL
command ('S ...)
+ TODO: check
+CVE-2026-8141 (The Ajax Load More - Filters plugin for WordPress is vulnerable
to Sto ...)
+ TODO: check
+CVE-2026-6954 (Cross-Site Scripting (XSS) vulnerability in Intermark IT's
WebControl ...)
+ TODO: check
+CVE-2026-6953 (HTML injection vulnerability in Intermark IT's WebControl CMS
v3.5. Th ...)
+ TODO: check
+CVE-2026-6556 (@fastify/express versions 4.0.6 and earlier only rewrite the
plugin pr ...)
+ TODO: check
+CVE-2026-58377 (JeecgBoot through 3.9.2 contains a broken access control
vulnerability ...)
+ TODO: check
+CVE-2026-58376 (Dolibarr through 23.0.3, fixed in commit 14db36e, contains a
sql injec ...)
+ TODO: check
+CVE-2026-58375 (JimuReport through 2.5.0 exposes the POST
/jmreport/auto/export endpoi ...)
+ TODO: check
+CVE-2026-58374 (In hostapd before 2.12, a missing bounds check in AP-mode
Wi-Fi 7 (IEE ...)
+ TODO: check
+CVE-2026-58373 (CVAT before 2.69.0 contains an improper authorization
vulnerability in ...)
+ TODO: check
+CVE-2026-58372 (SeaweedFS before 4.34 contains a path traversal vulnerability
in the S ...)
+ TODO: check
+CVE-2026-58371 (SeaweedFS before 4.30 reflects the callback query parameter
verbatim i ...)
+ TODO: check
+CVE-2026-58370 (Woodpecker before 3.15.0 matches the ApprovalAllowedUsers
bypass list ...)
+ TODO: check
+CVE-2026-58369 (Woodpecker before 3.15.0 registers the
/api/orgs/lookup/*org_full_name ...)
+ TODO: check
+CVE-2026-58176 (RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes
workflo ...)
+ TODO: check
+CVE-2026-58174 (Hermes WebUI before 0.51.521 validates the workspace of an
imported se ...)
+ TODO: check
+CVE-2026-58173 (Vibe-Trading before 0.1.10 contains a path traversal
vulnerability tha ...)
+ TODO: check
+CVE-2026-58172 (Ocelot through 24.1.0, fixed in commit f156fd4, contains a
security co ...)
+ TODO: check
+CVE-2026-58171 (Vibe-Trading before 0.1.10 constructs the swarm run directory
by joini ...)
+ TODO: check
+CVE-2026-58170 (Vibe-Trading before 0.1.10 builds the proposal file path by
joining a ...)
+ TODO: check
+CVE-2026-58169 (Vibe-Trading before 0.1.10 contains a DNS rebinding
authentication byp ...)
+ TODO: check
+CVE-2026-58168 (DeepTutor before version 1.4.10 contains an authorization
bypass vulne ...)
+ TODO: check
+CVE-2026-58167 (Nightingale (n9e) before 9.0.0-beta.2 exposes full datasource
configur ...)
+ TODO: check
+CVE-2026-58166 (OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6,
contains a pat ...)
+ TODO: check
+CVE-2026-58165 (OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a
privilege ...)
+ TODO: check
+CVE-2026-58138 (Orkes Conductor 3.21.21 before 3.30.2 contains an
unauthenticated remo ...)
+ TODO: check
+CVE-2026-58116 (LLaMA-Factory through 0.9.5 contains a remote code execution
vulnerabi ...)
+ TODO: check
+CVE-2026-58016 (A flaw was found in GLib. A state confusion issue exists in
g_dbus_nod ...)
+ TODO: check
+CVE-2026-58015 (A flaw was found in GLib. The D-Bus client-side implementation
of the ...)
+ TODO: check
+CVE-2026-58014 (A flaw was found in GLib. An off-by-one error can occur in the
g_key_f ...)
+ TODO: check
+CVE-2026-58013 (A flaw was found in GLib. A buffer over-read can occur in
g_io_channel ...)
+ TODO: check
+CVE-2026-58012 (A flaw was found in GLib. A buffer over-read can occur in the
g_regex_ ...)
+ TODO: check
+CVE-2026-58011 (A flaw was found in GLib. An out-of-bounds read of only 2
bytes can oc ...)
+ TODO: check
+CVE-2026-58010 (A flaw was found in GLib. An off-by-one error can occur in the
gvs_tup ...)
+ TODO: check
+CVE-2026-54475 (Missing Authorization vulnerability in Apache ActiveMQ Broker,
Apache ...)
+ TODO: check
+CVE-2026-53917 (Memory Allocation with Excessive Size Value vulnerability in
Apache Ac ...)
+ TODO: check
+CVE-2026-53916 (Memory Allocation with Excessive Size Value vulnerability in
Apache Ac ...)
+ TODO: check
+CVE-2026-53692 (Redeight CMS version 1.0 uses the MD5 algorithm without a salt
to stor ...)
+ TODO: check
+CVE-2026-53691 (An Unrestricted File Upload vulnerability in Redeight CMS
version 1.0 ...)
+ TODO: check
+CVE-2026-53690 (An SQL Injection vulnerability exists in Redeight CMS version
1.0 via ...)
+ TODO: check
+CVE-2026-53433 (fzf is vulnerable to a Denial of Service (DoS) due to
inefficient HTTP ...)
+ TODO: check
+CVE-2026-53432 (fzf is vulnerable toInteger Overflow leading to crash in
FuzzyMatchV2 ...)
+ TODO: check
+CVE-2026-52760 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-50750 (Denial of Service via Out of Memory vulnerability in Apache
ActiveMQ B ...)
+ TODO: check
+CVE-2026-50734 (Memory Allocation with Excessive Size Value vulnerability in
Apache Ac ...)
+ TODO: check
+CVE-2026-4629 (A flaw was found in Keycloak. A highly privileged user with
`manage-cl ...)
+ TODO: check
+CVE-2026-4360 (In the Tarfile.extract() function, the filter parameter is not
passed ...)
+ TODO: check
+CVE-2026-49877 (Improper Authorization vulnerability in Apache ActiveMQ. An
authentic ...)
+ TODO: check
+CVE-2026-49451 (The OpenAPI.NET SDK contains a useful object model for OpenAPI
documen ...)
+ TODO: check
+CVE-2026-49434 (Improper Input Validation vulnerability in Apache ActiveMQ
Broker, Apa ...)
+ TODO: check
+CVE-2026-49432 (Improper Input Validation vulnerability in Apache ActiveMQ,
Apache Act ...)
+ TODO: check
+CVE-2026-48315 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by an Imp ...)
+ TODO: check
+CVE-2026-48314 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by an Imp ...)
+ TODO: check
+CVE-2026-48313 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by an Imp ...)
+ TODO: check
+CVE-2026-48307 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by a refl ...)
+ TODO: check
+CVE-2026-48286 (Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and
earlier are ...)
+ TODO: check
+CVE-2026-48285 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by a Serv ...)
+ TODO: check
+CVE-2026-48283 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by an Unr ...)
+ TODO: check
+CVE-2026-48282 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by an Imp ...)
+ TODO: check
+CVE-2026-48281 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by an Imp ...)
+ TODO: check
+CVE-2026-48277 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by an Imp ...)
+ TODO: check
+CVE-2026-48276 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by an Unr ...)
+ TODO: check
+CVE-2026-48192 (A vulnerability has been identified in Mendix Studio Pro 10.11
(All ve ...)
+ TODO: check
+CVE-2026-47105
+ REJECTED
+CVE-2026-45822 (decode-uri-component through 0.4.1 is vulnerable to denial of
service. ...)
+ TODO: check
+CVE-2026-44949 (A Rancher FleetWorkspace admission path allowed side effects
to occur ...)
+ TODO: check
+CVE-2026-44948 (A path traversal vulnerability was found in Fleet's ImageScan
subsyste ...)
+ TODO: check
+CVE-2026-44947 (A missing clean-up in the legacy Project Role Template Binding
(PRTB) ...)
+ TODO: check
+CVE-2026-44946 (A SAML authentication replay vulnerability in Rancher's
Assertion Con ...)
+ TODO: check
+CVE-2026-41053 (Incorrect authentication caching in the team member ship
expansion of ...)
+ TODO: check
+CVE-2026-35098 (KTM System e-BOK does not implement any limit or timeout on
consecutiv ...)
+ TODO: check
+CVE-2026-35097 (KTM System e-BOK enforces a maximum password length of six
numeric dig ...)
+ TODO: check
+CVE-2026-35096 (KTM System e-BOK is vulnerable to Cross\u2011Site Request
Forgery (CSR ...)
+ TODO: check
+CVE-2026-35095 (KTM System e-BOK allows the session identifier to be set by
the client ...)
+ TODO: check
+CVE-2026-27957 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-27956 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-27955 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-27883 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-27882 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-27881 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-14241 (Memory safety bugs present in Firefox 152.0.3. Some of these
bugs show ...)
+ TODO: check
+CVE-2026-14209 (A vulnerability was discovered in Keycloak's Admin UI
extension that a ...)
+ TODO: check
+CVE-2026-14178 (openGauss \u5728\u5904\u7406\u5e26 NLS \u53c2\u6570\u7684
to_timestamp ...)
+ TODO: check
+CVE-2026-14162 (Hospital Queuing Management developed by Advantech has a
Sensitive Dat ...)
+ TODO: check
+CVE-2026-14161 (Hospital Quening Management developed by Advantech has a
Sensitive Dat ...)
+ TODO: check
+CVE-2026-13474 (Denial of service via malformed HTTP/2 requests inNetScaler
ADC and Ne ...)
+ TODO: check
+CVE-2026-13455 (PostgreSQL Anonymizer contains a vulnerability that allows
unprivilege ...)
+ TODO: check
+CVE-2026-13316 (A flaw has been found in foreman when HTTP parameters are
modified in ...)
+ TODO: check
+CVE-2026-13149 (brace-expansion through 5.0.6 is vulnerable to denial of
service. The ...)
+ TODO: check
+CVE-2026-12610 (A flaw was found in sssd. When authenticating with a YubiKey,
the SSSD ...)
+ TODO: check
+CVE-2026-12578 (The affected product is vulnerable to a deserialization of
untrusted d ...)
+ TODO: check
+CVE-2026-12388 (A flaw was found in the Identity Provider (IdP) mapper
component of Ke ...)
+ TODO: check
+CVE-2026-12076 (Raytha CMS is vulnerable to SQL Injection within the OData
filter pars ...)
+ TODO: check
+CVE-2026-10817 (Insufficient input validation leading to memory overread
inNetScaler A ...)
+ TODO: check
+CVE-2026-10816 (Arbitrary File Read (Unauthenticated) inNetScaler ADC and
NetScaler Ga ...)
+ TODO: check
+CVE-2026-10763 (PROMOD V is using insecure HTTP communication instead of
HTTPS. The vu ...)
+ TODO: check
+CVE-2026-10655 (The asynchronous SNTP client in Zephyr
(subsys/net/lib/sntp/sntp.c, sn ...)
+ TODO: check
+CVE-2026-10654 (A race condition in the Zephyr Bluetooth Classic RFCOMM host
stack (su ...)
+ TODO: check
+CVE-2026-10653 (The Zephyr net_buf library (lib/net_buf/buf.c) manipulated
both of its ...)
+ TODO: check
+CVE-2026-10652 (Zephyr's DNS resolver (subsys/net/lib/dns) parses resource
records fro ...)
+ TODO: check
+CVE-2026-10513 (The Webmention plugin for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2025-7406 (Nokia MantaRay NM is vulnerable to a sudo privilege escalation
vulnera ...)
+ TODO: check
+CVE-2025-53648 (SQL misconfiguration in the Gravitino UI, in versions 1.0.0
and below, ...)
+ TODO: check
+CVE-2025-24816 (Nokia MantaRay is subject to an Improper Access Control
vulnerability ...)
+ TODO: check
+CVE-2025-24815 (Nokia MantaRay NM is subject to an unrestricted file upload
vulnerabil ...)
+ TODO: check
CVE-2026-58030 [Escape linelinks argument before passing it on to Pygments]
- mediawiki <unfixed>
NOTE: https://phabricator.wikimedia.org/T427167
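Review bot: several of the imported descriptions in this hunk carry feed artefacts that the `TODO: check` triage will otherwise inherit, and they are worth cleaning at import time rather than one by one: CVE-2026-14178 (openGauss) is stored as literal JSON `\uXXXX` escapes instead of decoded UTF-8, CVE-2026-35096 has a stray `\u2011` in `Cross\u2011Site`, and the NetScaler, fzf and Advantech entries have collapsed spaces or typos (`inNetScaler ADC`, `Gatewayleadin`, `toInteger Overflow`, `Hospital Quening Management`), which makes grepping the list for the product names unreliable. When working through the 200-odd new TODO entries, the ones touching core Debian packages deserve the first pass: the seven GLib flaws CVE-2026-58010 through CVE-2026-58016 (buffer over-reads, off-by-ones and the GDBus state confusion), the hostapd Wi-Fi 7 bounds check CVE-2026-58374, the Python `tarfile.extract()` filter issue CVE-2026-4360, the sssd YubiKey authentication flaw CVE-2026-12610 and the Firefox memory-safety batch CVE-2026-14241; the bulk of the remainder (WordPress plugins, NetScaler, ColdFusion, Coolify, Rancher, Vibe-Trading) are unlikely to be packaged and will mostly resolve to NOT-FOR-US.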
@@ -54,15 +278,15 @@ CVE-2026-58036 [Fix ApiQueryUsers leaking status ofprivate
user conditions for u
- mediawiki <not-affected> (Only affects 1.46 and later)
NOTE: https://phabricator.wikimedia.org/T425406
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306035 (master)
-CVE-2026-13766
+CVE-2026-13766 (DBIx::QuickORM versions before 0.000026 for Perl allow SQL
injection v ...)
NOT-FOR-US: DBIx::QuickORM Perl module
-CVE-2026-57082
+CVE-2026-57082 (Net::BitTorrent versions through 2.0.1 for Perl generate the
MSE Diffi ...)
NOT-FOR-US: Net::BitTorrent Perl module
-CVE-2026-57081
+CVE-2026-57081 (Net::BitTorrent versions through 2.0.1 for Perl allow remote
memory ex ...)
NOT-FOR-US: Net::BitTorrent Perl module
-CVE-2026-57080
+CVE-2026-57080 (Net::BitTorrent versions through 2.0.1 for Perl allow remote
memory ex ...)
NOT-FOR-US: Net::BitTorrent Perl module
-CVE-2026-57079
+CVE-2026-57079 (Net::BitTorrent versions through 2.0.1 for Perl write files
outside th ...)
NOT-FOR-US: Net::BitTorrent Perl module
CVE-2026-57964
- spice-vdagent <not-affected> (MacOS/BSD specific)
@@ -13026,11 +13250,11 @@ CVE-2026-49839 (jq is a command-line JSON processor.
Prior to 1.8.2,` jq --rawfi
- jq 1.8.1-8
NOTE:
https://github.com/jqlang/jq/security/advisories/GHSA-cfh2-vwfq-qfmm
CVE-2026-44236
- {DSA-6343-1}
+ {DSA-6343-1 DLA-4658-1}
- librabbitmq 0.16.0-1
NOTE:
https://github.com/alanxz/rabbitmq-c/security/advisories/GHSA-jh48-qjf5-fx5v
CVE-2026-44235
- {DSA-6343-1}
+ {DSA-6343-1 DLA-4658-1}
- librabbitmq 0.16.0-1
NOTE:
https://github.com/alanxz/rabbitmq-c/security/advisories/GHSA-9mmv-r8g3-qp46
CVE-2026-9279 (Logseq exposes an IPC handler that allows the renderer process
to exec ...)
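Review bot: the `{DSA-6343-1 DLA-4658-1}` annotations added to CVE-2026-44236 and CVE-2026-44235 cross-reference an advisory ID, so a matching `DLA-4658-1` entry covering both CVEs should exist in data/DLA/list before this is considered consistent; the tracker treats the braces as references, not as free text. Updating both librabbitmq entries together is right, since both already record the same fixed upload (`librabbitmq 0.16.0-1`) and point at the two rabbitmq-c GHSA advisories, so the LTS advisory naturally covers the pair.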
@@ -71417,7 +71641,8 @@ CVE-2026-29076 (cpp-httplib is a C++11 single-file
header-only cross platform HT
NOTE: Fixed by:
https://github.com/yhirose/cpp-httplib/commit/de296af3eb5b0d5c116470e033db900e4812c5e6
(v0.37.0)
CVE-2026-29067 (ZITADEL is an open source identity management platform. From
version 4 ...)
NOT-FOR-US: Zitadel
-CVE-2026-28678 (DSA Study Hub is an interactive educational web application.
Prior to ...)
+CVE-2026-28678
+ REJECTED
NOT-FOR-US: DSA Study Hub
CVE-2026-24308 (Improper handling of configuration values in ZKConfig in
Apache ZooKee ...)
- zookeeper 3.9.5-1 (bug #1130497)
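Review bot: CVE-2026-28678 now carries both `REJECTED` and the pre-existing `NOT-FOR-US: DSA Study Hub` line, because the automatic update only rewrote the header line and left the annotation beneath it. That is harmless for a rejected ID, but a manual pass could drop the stale NOT-FOR-US so the entry matches the bare `REJECTED` form used for CVE-2026-47105 earlier in this same commit.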
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/face96920e82d0c375691d0428c27c41eca994e6
--
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits