Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7f3859fa by security tracker role at 2026-07-02T07:13:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,259 @@
+CVE-2026-5821 (The Image Optimizer plugin for WordPress is vulnerable to 
arbitrary fi ...)
+       TODO: check
+CVE-2026-5348 (The Academy LMS \u2013 WordPress LMS Plugin for Complete 
eLearning Sol ...)
+       TODO: check
+CVE-2026-58593 (NodeBB does not bind the claimed author of an inbound 
ActivityPub obje ...)
+       TODO: check
+CVE-2026-58592 (Ladybird contains a dangling-reference memory-safety flaw in 
its WebAs ...)
+       TODO: check
+CVE-2026-58457 (Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) 
contains an  ...)
+       TODO: check
+CVE-2026-58263 (Jodit Editor is a WYSIWYG editor with written in pure 
TypeScript file  ...)
+       TODO: check
+CVE-2026-57278 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
+       TODO: check
+CVE-2026-57277 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
+       TODO: check
+CVE-2026-57276 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
+       TODO: check
+CVE-2026-57275 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
+       TODO: check
+CVE-2026-57274 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
+       TODO: check
+CVE-2026-57273 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
+       TODO: check
+CVE-2026-57272 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
+       TODO: check
+CVE-2026-57271 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
+       TODO: check
+CVE-2026-57270 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
+       TODO: check
+CVE-2026-57269 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
+       TODO: check
+CVE-2026-57268 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
+       TODO: check
+CVE-2026-57267 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
+       TODO: check
+CVE-2026-57266 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
+       TODO: check
+CVE-2026-57265 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
+       TODO: check
+CVE-2026-57264 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
+       TODO: check
+CVE-2026-55886 (Jodit Editor is a WYSIWYG editor with written in pure 
TypeScript file  ...)
+       TODO: check
+CVE-2026-55794 (Craft CMS is a content management system (CMS). In versions 
5.9.0 and  ...)
+       TODO: check
+CVE-2026-55793 (Craft CMS is a content management system (CMS). In versions 
5.0.0-RC1  ...)
+       TODO: check
+CVE-2026-55792 (Craft CMS is a content management system (CMS). In versions 
starting f ...)
+       TODO: check
+CVE-2026-55791 (Craft CMS is a content management system (CMS). Versions 
4.0.0-RC1 and ...)
+       TODO: check
+CVE-2026-55790 (Craft CMS is a content management system (CMS). In versions 
5.0.0-RC1  ...)
+       TODO: check
+CVE-2026-55688 (The AsyncHttpClient (AHC) library allows Java applications to 
easily e ...)
+       TODO: check
+CVE-2026-55661 (Tina is a headless content management system. In versions 
prior to @ti ...)
+       TODO: check
+CVE-2026-55660 (Tina is a headless content management system. In versions 
prior to @ti ...)
+       TODO: check
+CVE-2026-55153 (mchange-commons-java is a Java library of shared utility 
classes used  ...)
+       TODO: check
+CVE-2026-54908 (Pion DTLS is a Go implementation of Datagram Transport Layer 
Security. ...)
+       TODO: check
+CVE-2026-54786 (Wasmtime is a runtime for WebAssembly. All versions prior to 
24.0.10;  ...)
+       TODO: check
+CVE-2026-54756 (Jodit Editor is a WYSIWYG editor with written in pure 
TypeScript file  ...)
+       TODO: check
+CVE-2026-54720 (Silverstripe Framework is a PHP framework which powers the 
Silverstrip ...)
+       TODO: check
+CVE-2026-54712 (OpenTelemetry Java Instrumentation provides OpenTelemetry 
auto-instrum ...)
+       TODO: check
+CVE-2026-54704 (OpenTelemetry Java Instrumentation provides OpenTelemetry 
auto-instrum ...)
+       TODO: check
+CVE-2026-54263 (Wagtail is an open source content management system built on 
Django. I ...)
+       TODO: check
+CVE-2026-54262 (Wagtail is an open source content management system built on 
Django. I ...)
+       TODO: check
+CVE-2026-54261 (Wagtail is an open source content management system built on 
Django. I ...)
+       TODO: check
+CVE-2026-54260 (Wagtail is an open source content management system built on 
Django. I ...)
+       TODO: check
+CVE-2026-54259 (Wagtail is an open source content management system built on 
Django. I ...)
+       TODO: check
+CVE-2026-54164 (API Platform Core is a system to create hypermedia-driven REST 
and Gra ...)
+       TODO: check
+CVE-2026-54074 (Tina is a headless content management system. @tinacms/cli 
versions pr ...)
+       TODO: check
+CVE-2026-52190 (Buffer Overflow vulnerability in UTT nv518G 
nv518GV3v3.2.7-210919-1613 ...)
+       TODO: check
+CVE-2026-52186 (SQL Injection vulnerability in UTT nv518G 
nv518GV3v3.2.7-210919-161313 ...)
+       TODO: check
+CVE-2026-50521 (Use after free in Microsoft Edge (Chromium-based) allows an 
authorized ...)
+       TODO: check
+CVE-2026-50284 (Craft CMS is a content management system (CMS). In versions 
5.0.0-RC1  ...)
+       TODO: check
+CVE-2026-50283 (Craft CMS is a content management system (CMS). Versions 
5.0.0-RC1 thr ...)
+       TODO: check
+CVE-2026-50280 (Craft CMS is a content management system (CMS). In versions 
5.0.0-RC1  ...)
+       TODO: check
+CVE-2026-50279 (Craft CMS is a content management system (CMS). IN versions 
5.0.0-RC1  ...)
+       TODO: check
+CVE-2026-49858 (API Platform Core is a system to create hypermedia-driven REST 
and Gra ...)
+       TODO: check
+CVE-2026-38891 (An improper input validation in the gazebo_ros_diff_drive.cpp 
componen ...)
+       TODO: check
+CVE-2026-36912 (A NULL pointer dereference in the 
AP4_AtomSampleTable::GetSample() fun ...)
+       TODO: check
+CVE-2026-36911 (A division-by-zero vulnerability in the 
CStreamSwitcherOutputPin::Deci ...)
+       TODO: check
+CVE-2026-36910 (An access violation in the BaseSplitterFile::Read function of 
Aleksoid ...)
+       TODO: check
+CVE-2026-36909 (A NULL pointer dereference in the AP4_TkhdAtom::GetTrackId() 
function  ...)
+       TODO: check
+CVE-2026-14440 (Description:     To issue and renew TLS certificates on behalf 
of cust ...)
+       TODO: check
+CVE-2026-14439 (A path traversal vulnerability exists in the Git Service 
component sha ...)
+       TODO: check
+CVE-2026-14432 (Use after free in V8 in Google Chrome prior to 150.0.7871.46 
allowed a ...)
+       TODO: check
+CVE-2026-14431 (Type Confusion in V8 in Google Chrome prior to 150.0.7871.46 
allowed a ...)
+       TODO: check
+CVE-2026-14430 (Integer overflow in V8 in Google Chrome prior to 150.0.7871.46 
allowed ...)
+       TODO: check
+CVE-2026-14429 (Insufficient validation of untrusted input in Skia in Google 
Chrome pr ...)
+       TODO: check
+CVE-2026-14428 (Insufficient validation of untrusted input in Dawn in Google 
Chrome on ...)
+       TODO: check
+CVE-2026-14427 (Heap buffer overflow in Skia in Google Chrome prior to 
150.0.7871.46 a ...)
+       TODO: check
+CVE-2026-14426 (Use after free in V8 in Google Chrome prior to 150.0.7871.46 
allowed a ...)
+       TODO: check
+CVE-2026-14425 (Use after free in ANGLE in Google Chrome prior to 
150.0.7871.46 allowe ...)
+       TODO: check
+CVE-2026-14424 (Use after free in Dawn in Google Chrome on Mac prior to 
150.0.7871.46  ...)
+       TODO: check
+CVE-2026-14423 (Type Confusion in Tint in Google Chrome prior to 150.0.7871.46 
allowed ...)
+       TODO: check
+CVE-2026-14422 (Out of bounds read and write in Tint in Google Chrome prior to 
150.0.7 ...)
+       TODO: check
+CVE-2026-14421 (Uninitialized Use in Dawn in Google Chrome on ChromeOS prior 
to 150.0. ...)
+       TODO: check
+CVE-2026-14420 (Out of bounds read and write in Dawn in Google Chrome prior to 
150.0.7 ...)
+       TODO: check
+CVE-2026-14419 (Use after free in Skia in Google Chrome prior to 150.0.7871.46 
allowed ...)
+       TODO: check
+CVE-2026-14418 (Uninitialized Use in ANGLE in Google Chrome prior to 
150.0.7871.46 all ...)
+       TODO: check
+CVE-2026-14417 (Use after free in Dawn in Google Chrome prior to 150.0.7871.46 
allowed ...)
+       TODO: check
+CVE-2026-14416 (Out of bounds read in Dawn in Google Chrome prior to 
150.0.7871.46 all ...)
+       TODO: check
+CVE-2026-14415 (Inappropriate implementation in V8 in Google Chrome prior to 
150.0.787 ...)
+       TODO: check
+CVE-2026-14414 (Insufficient validation of untrusted input in Skia in Google 
Chrome pr ...)
+       TODO: check
+CVE-2026-14413 (Uninitialized Use in ANGLE in Google Chrome prior to 
150.0.7871.46 all ...)
+       TODO: check
+CVE-2026-14412 (Insufficient validation of untrusted input in ANGLE in Google 
Chrome p ...)
+       TODO: check
+CVE-2026-14411 (Insufficient validation of untrusted input in ANGLE in Google 
Chrome p ...)
+       TODO: check
+CVE-2026-14410 (Inappropriate implementation in Skia in Google Chrome prior to 
150.0.7 ...)
+       TODO: check
+CVE-2026-14409 (Inappropriate implementation in V8 in Google Chrome prior to 
150.0.787 ...)
+       TODO: check
+CVE-2026-14408 (Uninitialized Use in Dawn in Google Chrome prior to 
150.0.7871.46 allo ...)
+       TODO: check
+CVE-2026-14407 (Inappropriate implementation in V8 in Google Chrome prior to 
150.0.787 ...)
+       TODO: check
+CVE-2026-14406 (Out of bounds read in V8 in Google Chrome prior to 
150.0.7871.46 allow ...)
+       TODO: check
+CVE-2026-14405 (Uninitialized Use in V8 in Google Chrome prior to 
150.0.7871.46 allowe ...)
+       TODO: check
+CVE-2026-14404 (Inappropriate implementation in PDFium in Google Chrome prior 
to 150.0 ...)
+       TODO: check
+CVE-2026-14403 (Use after free in V8 in Google Chrome prior to 150.0.7871.46 
allowed a ...)
+       TODO: check
+CVE-2026-14402 (Uninitialized Use in ANGLE in Google Chrome on Windows prior 
to 150.0. ...)
+       TODO: check
+CVE-2026-14401 (Insufficient validation of untrusted input in ANGLE in Google 
Chrome o ...)
+       TODO: check
+CVE-2026-14400 (Out of bounds write in ANGLE in Google Chrome prior to 
150.0.7871.46 a ...)
+       TODO: check
+CVE-2026-14399 (Uninitialized Use in Dawn in Google Chrome prior to 
150.0.7871.46 allo ...)
+       TODO: check
+CVE-2026-14398 (Use after free in ANGLE in Google Chrome prior to 
150.0.7871.46 allowe ...)
+       TODO: check
+CVE-2026-14397 (Out of bounds write in ANGLE in Google Chrome on Mac prior to 
150.0.78 ...)
+       TODO: check
+CVE-2026-14396 (Out of bounds read in ANGLE in Google Chrome prior to 
150.0.7871.46 al ...)
+       TODO: check
+CVE-2026-14395 (Out of bounds write in V8 in Google Chrome prior to 
150.0.7871.46 allo ...)
+       TODO: check
+CVE-2026-14394 (Use after free in V8 in Google Chrome prior to 150.0.7871.46 
allowed a ...)
+       TODO: check
+CVE-2026-14393 (Use after free in V8 in Google Chrome prior to 150.0.7871.46 
allowed a ...)
+       TODO: check
+CVE-2026-14392 (Out of bounds write in Tint in Google Chrome prior to 
150.0.7871.46 al ...)
+       TODO: check
+CVE-2026-14391 (Integer overflow in ANGLE in Google Chrome on Windows prior to 
150.0.7 ...)
+       TODO: check
+CVE-2026-14390 (Use after free in ANGLE in Google Chrome prior to 
150.0.7871.46 allowe ...)
+       TODO: check
+CVE-2026-14389 (Integer overflow in Skia in Google Chrome prior to 
150.0.7871.46 allow ...)
+       TODO: check
+CVE-2026-14388 (Out of bounds read in ANGLE in Google Chrome prior to 
150.0.7871.46 al ...)
+       TODO: check
+CVE-2026-14387 (Integer overflow in Skia in Google Chrome prior to 
150.0.7871.46 allow ...)
+       TODO: check
+CVE-2026-14386 (Out of bounds read in ANGLE in Google Chrome prior to 
150.0.7871.46 al ...)
+       TODO: check
+CVE-2026-14385 (Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 
150.0.7 ...)
+       TODO: check
+CVE-2026-14384 (Out of bounds read in ANGLE in Google Chrome on Windows prior 
to 150.0 ...)
+       TODO: check
+CVE-2026-14383 (Inappropriate implementation in V8 in Google Chrome prior to 
150.0.787 ...)
+       TODO: check
+CVE-2026-14382 (Insufficient validation of untrusted input in ANGLE in Google 
Chrome p ...)
+       TODO: check
+CVE-2026-14381 (Incorrect security UI in WebAppInstalls in Google Chrome prior 
to 150. ...)
+       TODO: check
+CVE-2026-14363 (Improper neutralization of special elements used in an SQL 
command ('S ...)
+       TODO: check
+CVE-2026-14340 (An incorrect authorization vulnerability was identified in 
GitHub Ente ...)
+       TODO: check
+CVE-2026-14265 (Deserialization of untrusted data in the 
RemoteQueryCachePlugin in Ama ...)
+       TODO: check
+CVE-2026-14249 (The Request a Quote plugin for WordPress is vulnerable to Code 
Injecti ...)
+       TODO: check
+CVE-2026-13704 (The GiveWP \u2013 Donation Plugin and Fundraising Platform 
plugin for  ...)
+       TODO: check
+CVE-2026-13357 (The Houzez Property Feed plugin for WordPress is vulnerable to 
SQL Inj ...)
+       TODO: check
+CVE-2026-13132 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
+       TODO: check
+CVE-2026-13131 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
+       TODO: check
+CVE-2026-13125 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
+       TODO: check
+CVE-2026-11965 (The User Registration & Membership  WordPress plugin before 
5.2.0 does ...)
+       TODO: check
+CVE-2026-11950
+       REJECTED
+CVE-2026-11781 (The Adminify  WordPress plugin before 4.2.10 does not perform 
per-user ...)
+       TODO: check
+CVE-2026-11600 (The Envo's Templates & Widgets for Elementor and WooCommerce 
plugin fo ...)
+       TODO: check
+CVE-2026-11592 (The Email Subscribers & Newsletters \u2013 Email Marketing, 
Post Notif ...)
+       TODO: check
+CVE-2026-11578 (The Fluent Forms  WordPress plugin before 6.2.5 does not 
properly rest ...)
+       TODO: check
+CVE-2026-10089 (The Insert Pages plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2026-10077 (The yootheme WordPress theme before 5.0.35 does not prevent 
its bundle ...)
+       TODO: check
 CVE-2026-XXXX [GHSA-jgqj-x5j9-vgcm: Icinga 2 DSL Injection via Unescaped 
Import Template Name]
        - icinga2 2.16.2-1
        NOTE: 
https://github.com/Icinga/icinga2/security/advisories/GHSA-jgqj-x5j9-vgcm
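
Review bot: Every entry added at the top of data/CVE/list, apart from the REJECTED CVE-2026-11950, lands as "TODO: check", so this hunk records the new IDs without triaging any of them. Two groups can be handled in bulk in the follow-up: the Google Chrome entries from CVE-2026-14381 to CVE-2026-14432 all belong to one product, and CVE-2026-50521 (Microsoft Edge) matches the "NOT-FOR-US: Microsoft" treatment this file already gives other Microsoft entries. Separately, several imported descriptions carry raw feed artifacts: a literal "\u2013" escape in CVE-2026-5348, CVE-2026-13704 and CVE-2026-11592, and a stray "Description:" prefix in CVE-2026-14440. If the updater is meant to store decoded text, it should normalise these before writing the line.
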
@@ -15796,7 +16052,7 @@ CVE-2026-45640 (Use after free in Windows Bluetooth 
Port Driver allows an author
        NOT-FOR-US: Microsoft
 CVE-2026-45639 (Out-of-bounds read in Windows RDP allows an unauthorized 
attacker to d ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45638 (Use after free in Windows Ancillary Function Driver for 
WinSock allows ...)
+CVE-2026-45638 (Heap-based buffer overflow in Windows Ancillary Function 
Driver for Wi ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45637 (Use after free in Windows DWM Core Library allows an 
authorized attack ...)
        NOT-FOR-US: Microsoft
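
Review bot: The rewritten description for CVE-2026-45638 changes the stated bug class from "Use after free" to "Heap-based buffer overflow", and the "automatic update" commit message does not say that an existing entry was modified as well as new ones added. The unchanged "NOT-FOR-US: Microsoft" line is the right outcome since that tag does not depend on the bug class. It is worth confirming that the updater only ever rewrites the description line of an already-triaged entry and leaves its status lines alone.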



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f3859faee2b6b183b46653ba750ed574ba29e8c



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits