Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7f3859fa by security tracker role at 2026-07-02T07:13:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,259 @@
+CVE-2026-5821 (The Image Optimizer plugin for WordPress is vulnerable to
arbitrary fi ...)
+ TODO: check
+CVE-2026-5348 (The Academy LMS \u2013 WordPress LMS Plugin for Complete
eLearning Sol ...)
+ TODO: check
+CVE-2026-58593 (NodeBB does not bind the claimed author of an inbound
ActivityPub obje ...)
+ TODO: check
+CVE-2026-58592 (Ladybird contains a dangling-reference memory-safety flaw in
its WebAs ...)
+ TODO: check
+CVE-2026-58457 (Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02)
contains an ...)
+ TODO: check
+CVE-2026-58263 (Jodit Editor is a WYSIWYG editor with written in pure
TypeScript file ...)
+ TODO: check
+CVE-2026-57278 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
+ TODO: check
+CVE-2026-57277 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
+ TODO: check
+CVE-2026-57276 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
+ TODO: check
+CVE-2026-57275 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
+ TODO: check
+CVE-2026-57274 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
+ TODO: check
+CVE-2026-57273 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
+ TODO: check
+CVE-2026-57272 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
+ TODO: check
+CVE-2026-57271 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
+ TODO: check
+CVE-2026-57270 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
+ TODO: check
+CVE-2026-57269 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
+ TODO: check
+CVE-2026-57268 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
+ TODO: check
+CVE-2026-57267 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
+ TODO: check
+CVE-2026-57266 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
+ TODO: check
+CVE-2026-57265 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
+ TODO: check
+CVE-2026-57264 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
+ TODO: check
+CVE-2026-55886 (Jodit Editor is a WYSIWYG editor with written in pure
TypeScript file ...)
+ TODO: check
+CVE-2026-55794 (Craft CMS is a content management system (CMS). In versions
5.9.0 and ...)
+ TODO: check
+CVE-2026-55793 (Craft CMS is a content management system (CMS). In versions
5.0.0-RC1 ...)
+ TODO: check
+CVE-2026-55792 (Craft CMS is a content management system (CMS). In versions
starting f ...)
+ TODO: check
+CVE-2026-55791 (Craft CMS is a content management system (CMS). Versions
4.0.0-RC1 and ...)
+ TODO: check
+CVE-2026-55790 (Craft CMS is a content management system (CMS). In versions
5.0.0-RC1 ...)
+ TODO: check
+CVE-2026-55688 (The AsyncHttpClient (AHC) library allows Java applications to
easily e ...)
+ TODO: check
+CVE-2026-55661 (Tina is a headless content management system. In versions
prior to @ti ...)
+ TODO: check
+CVE-2026-55660 (Tina is a headless content management system. In versions
prior to @ti ...)
+ TODO: check
+CVE-2026-55153 (mchange-commons-java is a Java library of shared utility
classes used ...)
+ TODO: check
+CVE-2026-54908 (Pion DTLS is a Go implementation of Datagram Transport Layer
Security. ...)
+ TODO: check
+CVE-2026-54786 (Wasmtime is a runtime for WebAssembly. All versions prior to
24.0.10; ...)
+ TODO: check
+CVE-2026-54756 (Jodit Editor is a WYSIWYG editor with written in pure
TypeScript file ...)
+ TODO: check
+CVE-2026-54720 (Silverstripe Framework is a PHP framework which powers the
Silverstrip ...)
+ TODO: check
+CVE-2026-54712 (OpenTelemetry Java Instrumentation provides OpenTelemetry
auto-instrum ...)
+ TODO: check
+CVE-2026-54704 (OpenTelemetry Java Instrumentation provides OpenTelemetry
auto-instrum ...)
+ TODO: check
+CVE-2026-54263 (Wagtail is an open source content management system built on
Django. I ...)
+ TODO: check
+CVE-2026-54262 (Wagtail is an open source content management system built on
Django. I ...)
+ TODO: check
+CVE-2026-54261 (Wagtail is an open source content management system built on
Django. I ...)
+ TODO: check
+CVE-2026-54260 (Wagtail is an open source content management system built on
Django. I ...)
+ TODO: check
+CVE-2026-54259 (Wagtail is an open source content management system built on
Django. I ...)
+ TODO: check
+CVE-2026-54164 (API Platform Core is a system to create hypermedia-driven REST
and Gra ...)
+ TODO: check
+CVE-2026-54074 (Tina is a headless content management system. @tinacms/cli
versions pr ...)
+ TODO: check
+CVE-2026-52190 (Buffer Overflow vulnerability in UTT nv518G
nv518GV3v3.2.7-210919-1613 ...)
+ TODO: check
+CVE-2026-52186 (SQL Injection vulnerability in UTT nv518G
nv518GV3v3.2.7-210919-161313 ...)
+ TODO: check
+CVE-2026-50521 (Use after free in Microsoft Edge (Chromium-based) allows an
authorized ...)
+ TODO: check
+CVE-2026-50284 (Craft CMS is a content management system (CMS). In versions
5.0.0-RC1 ...)
+ TODO: check
+CVE-2026-50283 (Craft CMS is a content management system (CMS). Versions
5.0.0-RC1 thr ...)
+ TODO: check
+CVE-2026-50280 (Craft CMS is a content management system (CMS). In versions
5.0.0-RC1 ...)
+ TODO: check
+CVE-2026-50279 (Craft CMS is a content management system (CMS). IN versions
5.0.0-RC1 ...)
+ TODO: check
+CVE-2026-49858 (API Platform Core is a system to create hypermedia-driven REST
and Gra ...)
+ TODO: check
+CVE-2026-38891 (An improper input validation in the gazebo_ros_diff_drive.cpp
componen ...)
+ TODO: check
+CVE-2026-36912 (A NULL pointer dereference in the
AP4_AtomSampleTable::GetSample() fun ...)
+ TODO: check
+CVE-2026-36911 (A division-by-zero vulnerability in the
CStreamSwitcherOutputPin::Deci ...)
+ TODO: check
+CVE-2026-36910 (An access violation in the BaseSplitterFile::Read function of
Aleksoid ...)
+ TODO: check
+CVE-2026-36909 (A NULL pointer dereference in the AP4_TkhdAtom::GetTrackId()
function ...)
+ TODO: check
+CVE-2026-14440 (Description: To issue and renew TLS certificates on behalf
of cust ...)
+ TODO: check
+CVE-2026-14439 (A path traversal vulnerability exists in the Git Service
component sha ...)
+ TODO: check
+CVE-2026-14432 (Use after free in V8 in Google Chrome prior to 150.0.7871.46
allowed a ...)
+ TODO: check
+CVE-2026-14431 (Type Confusion in V8 in Google Chrome prior to 150.0.7871.46
allowed a ...)
+ TODO: check
+CVE-2026-14430 (Integer overflow in V8 in Google Chrome prior to 150.0.7871.46
allowed ...)
+ TODO: check
+CVE-2026-14429 (Insufficient validation of untrusted input in Skia in Google
Chrome pr ...)
+ TODO: check
+CVE-2026-14428 (Insufficient validation of untrusted input in Dawn in Google
Chrome on ...)
+ TODO: check
+CVE-2026-14427 (Heap buffer overflow in Skia in Google Chrome prior to
150.0.7871.46 a ...)
+ TODO: check
+CVE-2026-14426 (Use after free in V8 in Google Chrome prior to 150.0.7871.46
allowed a ...)
+ TODO: check
+CVE-2026-14425 (Use after free in ANGLE in Google Chrome prior to
150.0.7871.46 allowe ...)
+ TODO: check
+CVE-2026-14424 (Use after free in Dawn in Google Chrome on Mac prior to
150.0.7871.46 ...)
+ TODO: check
+CVE-2026-14423 (Type Confusion in Tint in Google Chrome prior to 150.0.7871.46
allowed ...)
+ TODO: check
+CVE-2026-14422 (Out of bounds read and write in Tint in Google Chrome prior to
150.0.7 ...)
+ TODO: check
+CVE-2026-14421 (Uninitialized Use in Dawn in Google Chrome on ChromeOS prior
to 150.0. ...)
+ TODO: check
+CVE-2026-14420 (Out of bounds read and write in Dawn in Google Chrome prior to
150.0.7 ...)
+ TODO: check
+CVE-2026-14419 (Use after free in Skia in Google Chrome prior to 150.0.7871.46
allowed ...)
+ TODO: check
+CVE-2026-14418 (Uninitialized Use in ANGLE in Google Chrome prior to
150.0.7871.46 all ...)
+ TODO: check
+CVE-2026-14417 (Use after free in Dawn in Google Chrome prior to 150.0.7871.46
allowed ...)
+ TODO: check
+CVE-2026-14416 (Out of bounds read in Dawn in Google Chrome prior to
150.0.7871.46 all ...)
+ TODO: check
+CVE-2026-14415 (Inappropriate implementation in V8 in Google Chrome prior to
150.0.787 ...)
+ TODO: check
+CVE-2026-14414 (Insufficient validation of untrusted input in Skia in Google
Chrome pr ...)
+ TODO: check
+CVE-2026-14413 (Uninitialized Use in ANGLE in Google Chrome prior to
150.0.7871.46 all ...)
+ TODO: check
+CVE-2026-14412 (Insufficient validation of untrusted input in ANGLE in Google
Chrome p ...)
+ TODO: check
+CVE-2026-14411 (Insufficient validation of untrusted input in ANGLE in Google
Chrome p ...)
+ TODO: check
+CVE-2026-14410 (Inappropriate implementation in Skia in Google Chrome prior to
150.0.7 ...)
+ TODO: check
+CVE-2026-14409 (Inappropriate implementation in V8 in Google Chrome prior to
150.0.787 ...)
+ TODO: check
+CVE-2026-14408 (Uninitialized Use in Dawn in Google Chrome prior to
150.0.7871.46 allo ...)
+ TODO: check
+CVE-2026-14407 (Inappropriate implementation in V8 in Google Chrome prior to
150.0.787 ...)
+ TODO: check
+CVE-2026-14406 (Out of bounds read in V8 in Google Chrome prior to
150.0.7871.46 allow ...)
+ TODO: check
+CVE-2026-14405 (Uninitialized Use in V8 in Google Chrome prior to
150.0.7871.46 allowe ...)
+ TODO: check
+CVE-2026-14404 (Inappropriate implementation in PDFium in Google Chrome prior
to 150.0 ...)
+ TODO: check
+CVE-2026-14403 (Use after free in V8 in Google Chrome prior to 150.0.7871.46
allowed a ...)
+ TODO: check
+CVE-2026-14402 (Uninitialized Use in ANGLE in Google Chrome on Windows prior
to 150.0. ...)
+ TODO: check
+CVE-2026-14401 (Insufficient validation of untrusted input in ANGLE in Google
Chrome o ...)
+ TODO: check
+CVE-2026-14400 (Out of bounds write in ANGLE in Google Chrome prior to
150.0.7871.46 a ...)
+ TODO: check
+CVE-2026-14399 (Uninitialized Use in Dawn in Google Chrome prior to
150.0.7871.46 allo ...)
+ TODO: check
+CVE-2026-14398 (Use after free in ANGLE in Google Chrome prior to
150.0.7871.46 allowe ...)
+ TODO: check
+CVE-2026-14397 (Out of bounds write in ANGLE in Google Chrome on Mac prior to
150.0.78 ...)
+ TODO: check
+CVE-2026-14396 (Out of bounds read in ANGLE in Google Chrome prior to
150.0.7871.46 al ...)
+ TODO: check
+CVE-2026-14395 (Out of bounds write in V8 in Google Chrome prior to
150.0.7871.46 allo ...)
+ TODO: check
+CVE-2026-14394 (Use after free in V8 in Google Chrome prior to 150.0.7871.46
allowed a ...)
+ TODO: check
+CVE-2026-14393 (Use after free in V8 in Google Chrome prior to 150.0.7871.46
allowed a ...)
+ TODO: check
+CVE-2026-14392 (Out of bounds write in Tint in Google Chrome prior to
150.0.7871.46 al ...)
+ TODO: check
+CVE-2026-14391 (Integer overflow in ANGLE in Google Chrome on Windows prior to
150.0.7 ...)
+ TODO: check
+CVE-2026-14390 (Use after free in ANGLE in Google Chrome prior to
150.0.7871.46 allowe ...)
+ TODO: check
+CVE-2026-14389 (Integer overflow in Skia in Google Chrome prior to
150.0.7871.46 allow ...)
+ TODO: check
+CVE-2026-14388 (Out of bounds read in ANGLE in Google Chrome prior to
150.0.7871.46 al ...)
+ TODO: check
+CVE-2026-14387 (Integer overflow in Skia in Google Chrome prior to
150.0.7871.46 allow ...)
+ TODO: check
+CVE-2026-14386 (Out of bounds read in ANGLE in Google Chrome prior to
150.0.7871.46 al ...)
+ TODO: check
+CVE-2026-14385 (Heap buffer overflow in ANGLE in Google Chrome on Mac prior to
150.0.7 ...)
+ TODO: check
+CVE-2026-14384 (Out of bounds read in ANGLE in Google Chrome on Windows prior
to 150.0 ...)
+ TODO: check
+CVE-2026-14383 (Inappropriate implementation in V8 in Google Chrome prior to
150.0.787 ...)
+ TODO: check
+CVE-2026-14382 (Insufficient validation of untrusted input in ANGLE in Google
Chrome p ...)
+ TODO: check
+CVE-2026-14381 (Incorrect security UI in WebAppInstalls in Google Chrome prior
to 150. ...)
+ TODO: check
+CVE-2026-14363 (Improper neutralization of special elements used in an SQL
command ('S ...)
+ TODO: check
+CVE-2026-14340 (An incorrect authorization vulnerability was identified in
GitHub Ente ...)
+ TODO: check
+CVE-2026-14265 (Deserialization of untrusted data in the
RemoteQueryCachePlugin in Ama ...)
+ TODO: check
+CVE-2026-14249 (The Request a Quote plugin for WordPress is vulnerable to Code
Injecti ...)
+ TODO: check
+CVE-2026-13704 (The GiveWP \u2013 Donation Plugin and Fundraising Platform
plugin for ...)
+ TODO: check
+CVE-2026-13357 (The Houzez Property Feed plugin for WordPress is vulnerable to
SQL Inj ...)
+ TODO: check
+CVE-2026-13132 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
+ TODO: check
+CVE-2026-13131 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
+ TODO: check
+CVE-2026-13125 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
+ TODO: check
+CVE-2026-11965 (The User Registration & Membership WordPress plugin before
5.2.0 does ...)
+ TODO: check
+CVE-2026-11950
+ REJECTED
+CVE-2026-11781 (The Adminify WordPress plugin before 4.2.10 does not perform
per-user ...)
+ TODO: check
+CVE-2026-11600 (The Envo's Templates & Widgets for Elementor and WooCommerce
plugin fo ...)
+ TODO: check
+CVE-2026-11592 (The Email Subscribers & Newsletters \u2013 Email Marketing,
Post Notif ...)
+ TODO: check
+CVE-2026-11578 (The Fluent Forms WordPress plugin before 6.2.5 does not
properly rest ...)
+ TODO: check
+CVE-2026-10089 (The Insert Pages plugin for WordPress is vulnerable to Stored
Cross-Si ...)
+ TODO: check
+CVE-2026-10077 (The yootheme WordPress theme before 5.0.35 does not prevent
its bundle ...)
+ TODO: check
CVE-2026-XXXX [GHSA-jgqj-x5j9-vgcm: Icinga 2 DSL Injection via Unescaped
Import Template Name]
- icinga2 2.16.2-1
NOTE:
https://github.com/Icinga/icinga2/security/advisories/GHSA-jgqj-x5j9-vgcm
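Review bot: the descriptions added for CVE-2026-5348, CVE-2026-13704 and CVE-2026-11592 carry a literal \u2013 escape (for example "The Academy LMS \u2013 WordPress LMS Plugin ...") where an en dash (U+2013) belongs, which suggests the automatic update writes the escaped form of the upstream text into data/CVE/list without decoding it. Decode the escape before the description is truncated and written, so that a search on the product name as the vendor spells it matches these entries. The CVE-2026-14440 description also keeps a leading "Description:" label followed by a run of spaces, which uses up part of the truncated summary and could be stripped in the same step.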
@@ -15796,7 +16052,7 @@ CVE-2026-45640 (Use after free in Windows Bluetooth
Port Driver allows an author
NOT-FOR-US: Microsoft
CVE-2026-45639 (Out-of-bounds read in Windows RDP allows an unauthorized
attacker to d ...)
NOT-FOR-US: Microsoft
-CVE-2026-45638 (Use after free in Windows Ancillary Function Driver for
WinSock allows ...)
+CVE-2026-45638 (Heap-based buffer overflow in Windows Ancillary Function
Driver for Wi ...)
NOT-FOR-US: Microsoft
CVE-2026-45637 (Use after free in Windows DWM Core Library allows an
authorized attack ...)
NOT-FOR-US: Microsoft
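Review bot: the -/+ pair for CVE-2026-45638 rewrites the description of an entry that is already triaged, changing the weakness class from "Use after free" to "Heap-based buffer overflow", and the commit message "automatic update" gives no hint that existing entries are modified as well as new ones added. The unchanged NOT-FOR-US: Microsoft line still fits, since the product named in both versions is the Windows Ancillary Function Driver, so no re-triage is needed here. It would help if the update job listed rewritten descriptions separately in the commit message, so that a changed description on a Debian-relevant entry gets a second look.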
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f3859faee2b6b183b46653ba750ed574ba29e8c