Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2be38d85 by security tracker role at 2026-02-25T08:13:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,166 @@
-CVE-2026-27624
+CVE-2026-3179 (The FTP Backup on the ADM does not properly sanitize filenames 
receive ...)
+       TODO: check
+CVE-2026-3170 (A vulnerability was detected in SourceCodester/Patrick Mvuma 
Patients  ...)
+       TODO: check
+CVE-2026-3169 (A security vulnerability has been detected in Tenda F453 
1.0.0.3. This ...)
+       TODO: check
+CVE-2026-3168 (A weakness has been identified in Tenda F453 1.0.0.3. This 
affects the ...)
+       TODO: check
+CVE-2026-3167 (A security flaw has been discovered in Tenda F453 1.0.0.3. The 
impacte ...)
+       TODO: check
+CVE-2026-3166 (A vulnerability was identified in Tenda F453 1.0.0.3. The 
affected ele ...)
+       TODO: check
+CVE-2026-3165 (A vulnerability was determined in Tenda F453 1.0.0.3. Impacted 
is the  ...)
+       TODO: check
+CVE-2026-3164 (A vulnerability was found in itsourcecode News Portal Project 
1.0. Thi ...)
+       TODO: check
+CVE-2026-3163 (A vulnerability has been found in SourceCodester Website Link 
Extracto ...)
+       TODO: check
+CVE-2026-3153 (A vulnerability has been found in itsourcecode Document 
Management Sys ...)
+       TODO: check
+CVE-2026-3152 (A flaw has been found in itsourcecode College Management System 
1.0. T ...)
+       TODO: check
+CVE-2026-3151 (A vulnerability was detected in itsourcecode College Management 
System ...)
+       TODO: check
+CVE-2026-3150 (A security vulnerability has been detected in itsourcecode 
College Man ...)
+       TODO: check
+CVE-2026-3149 (A weakness has been identified in itsourcecode College 
Management Syst ...)
+       TODO: check
+CVE-2026-3148 (A vulnerability was determined in SourceCodester Simple and 
Nice Shopp ...)
+       TODO: check
+CVE-2026-3147 (A vulnerability was found in libvips up to 8.18.0. This affects 
the fu ...)
+       TODO: check
+CVE-2026-3146 (A vulnerability has been found in libvips up to 8.18.0. The 
impacted e ...)
+       TODO: check
+CVE-2026-3145 (A flaw has been found in libvips up to 8.18.0. The affected 
element is ...)
+       TODO: check
+CVE-2026-3137 (A security vulnerability has been detected in CodeAstro Food 
Ordering  ...)
+       TODO: check
+CVE-2026-3135 (A weakness has been identified in itsourcecode News Portal 
Project 1.0 ...)
+       TODO: check
+CVE-2026-3134 (A security flaw has been discovered in itsourcecode News Portal 
Projec ...)
+       TODO: check
+CVE-2026-3133 (A vulnerability has been found in itsourcecode Document 
Management Sys ...)
+       TODO: check
+CVE-2026-3100 (The FTP Backup on the ADM will not properly strictly enforce 
TLS certi ...)
+       TODO: check
+CVE-2026-2914 (CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and 
lower a ...)
+       TODO: check
+CVE-2026-27822 (RustFS is a distributed object storage system built in Rust. 
Prior to  ...)
+       TODO: check
+CVE-2026-27747 (The SPIP interface_traduction_objets plugin versions prior 
to4.3.3 con ...)
+       TODO: check
+CVE-2026-27746 (The SPIP jeux plugin versions prior to4.1.1 contain a 
reflected cross- ...)
+       TODO: check
+CVE-2026-27745 (The SPIP interface_traduction_objets plugin versions prior 
to4.3.3 con ...)
+       TODO: check
+CVE-2026-27744 (The SPIP tickets plugin versions prior to4.3.3 contain an 
unauthentica ...)
+       TODO: check
+CVE-2026-27743 (The SPIP referer_spam plugin versions prior to1.3.0 contain an 
unauthe ...)
+       TODO: check
+CVE-2026-27696 (changedetection.io is a free open source web page change 
detection too ...)
+       TODO: check
+CVE-2026-27645 (changedetection.io is a free open source web page change 
detection too ...)
+       TODO: check
+CVE-2026-27641 (Flask-Reuploaded provides file uploads for Flask. A critical 
path trav ...)
+       TODO: check
+CVE-2026-27640 (tfplan2md is software for converting Terraform plan JSON files 
into hu ...)
+       TODO: check
+CVE-2026-27639 (Mercator is an open source web application designed to enable 
mapping  ...)
+       TODO: check
+CVE-2026-27637 (FreeScout is a free help desk and shared inbox built with 
PHP's Larave ...)
+       TODO: check
+CVE-2026-27636 (FreeScout is a free help desk and shared inbox built with 
PHP's Larave ...)
+       TODO: check
+CVE-2026-27632 (Talishar is a fan-made Flesh and Blood project. Prior to 
commit 6be387 ...)
+       TODO: check
+CVE-2026-27629 (InvenTree is an Open Source Inventory Management System. Prior 
to vers ...)
+       TODO: check
+CVE-2026-27628 (pypdf is a free and open-source pure-python PDF library. Prior 
to 6.7. ...)
+       TODO: check
+CVE-2026-27627 (Karakeep is a elf-hostable bookmark-everything app. In version 
0.30.0, ...)
+       TODO: check
+CVE-2026-27626 (OliveTin gives access to predefined shell commands from a web 
interfac ...)
+       TODO: check
+CVE-2026-27621 (TypiCMS is a multilingual content management system based on 
the Larav ...)
+       TODO: check
+CVE-2026-27615 (ADB Explorer is a fluent UI for ADB on Windows. In versions 
prior to B ...)
+       TODO: check
+CVE-2026-27614 (Bugsink is a self-hosted error tracking tool. In versions 
prior to 2.0 ...)
+       TODO: check
+CVE-2026-27612 (Repostat is a React component to fetch and display GitHub 
repository i ...)
+       TODO: check
+CVE-2026-27611 (FileBrowser Quantum is a free, self-hosted, web-based file 
manager. Pr ...)
+       TODO: check
+CVE-2026-27610 (Parse Dashboard is a standalone dashboard for managing Parse 
Server ap ...)
+       TODO: check
+CVE-2026-27609 (Parse Dashboard is a standalone dashboard for managing Parse 
Server ap ...)
+       TODO: check
+CVE-2026-27608 (Parse Dashboard is a standalone dashboard for managing Parse 
Server ap ...)
+       TODO: check
+CVE-2026-27607 (RustFS is a distributed object storage system built in Rust. 
In versio ...)
+       TODO: check
+CVE-2026-27606 (Rollup is a module bundler for JavaScript. Versions prior to 
2.80.0, 3 ...)
+       TODO: check
+CVE-2026-27598 (Dagu is a workflow engine with a built-in Web user interface. 
In versi ...)
+       TODO: check
+CVE-2026-27597 (Enclave is a secure JavaScript sandbox designed for safe AI 
agent code ...)
+       TODO: check
+CVE-2026-27595 (Parse Dashboard is a standalone dashboard for managing Parse 
Server ap ...)
+       TODO: check
+CVE-2026-27593 (Statmatic is a Laravel and Git powered content management 
system (CMS) ...)
+       TODO: check
+CVE-2026-27117 (bit7z is a cross-platform C++ static library that allows the 
compressi ...)
+       TODO: check
+CVE-2026-26351 (GetSimpleCMS Community Edition (CE) version 3.3.16 contains a 
stored c ...)
+       TODO: check
+CVE-2026-25899 (Fiber is an Express inspired web framework written in Go. In 
versions  ...)
+       TODO: check
+CVE-2026-25891 (Fiber is an Express inspired web framework written in Go. A 
Path Trave ...)
+       TODO: check
+CVE-2026-25882 (Fiber is an Express inspired web framework written in Go. A 
denial of  ...)
+       TODO: check
+CVE-2026-25785 (Path traversal vulnerability exists in Lanscope Endpoint 
Manager (On-P ...)
+       TODO: check
+CVE-2026-25135 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-25131 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-25127 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-25124 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-24896 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-24849 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-24847 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-24443 (EventSentry versions prior to 6.0.1.20contain an unverified 
password c ...)
+       TODO: check
+CVE-2026-22553 (All versions of InSAT MasterSCADA BUK-TS are susceptible to OS 
command ...)
+       TODO: check
+CVE-2026-21443 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-21410 (InSAT MasterSCADA BUK-TS is susceptible to SQL Injection 
through its m ...)
+       TODO: check
+CVE-2026-1614 (The Rise Blocks \u2013 A Complete Gutenberg Page Builder plugin 
for Wo ...)
+       TODO: check
+CVE-2025-69231 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2025-68277 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2025-67752 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2025-67491 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2025-5781 (Information Exposure Vulnerability in Hitachi Ops Center API 
Configura ...)
+       TODO: check
+CVE-2025-46320 (A cross-site scripting (XSS) vulnerability in a FileMaker 
WebDirect cu ...)
+       TODO: check
+CVE-2025-0976 (Information Exposure Vulnerability inHitachi Ops Center API 
Configurat ...)
+       TODO: check
+CVE-2026-27624 (Coturn is a free open source implementation of TURN and STUN 
Server. C ...)
        - coturn <unfixed>
        NOTE: 
https://github.com/coturn/coturn/security/advisories/GHSA-j8mm-mpf8-gvjg
        NOTE: 
https://github.com/coturn/coturn/commit/b80eb898ba26552600770162c26a8ae7f3661b0b
 (4.9.0)
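
Review bot: none of the 81 entries added at the top of data/CVE/list is triaged: each carries only "TODO: check", with neither a package line nor a NOT-FOR-US marker, unlike CVE-2026-27624 directly below them, which has "- coturn <unfixed>". The entries naming general-purpose libraries and tools (libvips in CVE-2026-3145 to CVE-2026-3147, pypdf in CVE-2026-27628, Rollup in CVE-2026-27606) are worth resolving first, since a TODO records no per-release status. Separately, the CVE-2026-1614 description contains a literal "\u2013" escape, which suggests the import does not decode Unicode escapes in the feed text.
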
@@ -8,15 +170,15 @@ CVE-2026-3099
        - libsoup3 <unfixed>
        - libsoup2.4 <removed>
        NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/495
-CVE-2026-27195
+CVE-2026-27195 (Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 
39.0.0,  ...)
        - rust-wasmtime <not-affected> (Vulnerable code introduced later)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0022.html
        NOTE: 
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xjhv-v822-pf94
-CVE-2026-27572
+CVE-2026-27572 (Wasmtime is a runtime for WebAssembly. Prior to versions 
24.0.6, 36.0. ...)
        - rust-wasmtime <unfixed>
        NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0021.html
        NOTE: 
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-243v-98vx-264h
-CVE-2026-27204
+CVE-2026-27204 (Wasmtime is a runtime for WebAssembly. Prior to versions 
24.0.6, 36.0. ...)
        - rust-wasmtime <unfixed>
        NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0020.html
        NOTE: 
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-852m-cvvp-9p4w
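
Review bot: CVE-2026-27572 and CVE-2026-27204 remain at "- rust-wasmtime <unfixed>" although their new descriptions begin "Prior to versions 24.0.6, 36.0. ...", so fixed upstream releases exist. A NOTE naming the fixing commit and version, in the form the coturn entry uses ("... (4.9.0)"), would make it clear which upload closes each entry. For CVE-2026-27195 the description's "Starting with Wasmtime 39.0.0" agrees with the "<not-affected> (Vulnerable code introduced later)" status, so nothing is needed there.
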
@@ -44495,7 +44657,7 @@ CVE-2025-65073 (OpenStack Keystone before 26.0.1, 
27.0.0, and 28.0.0 allows a /v
        NOTE: https://bugs.launchpad.net/keystone/+bug/2119646
        NOTE: src:swift (Bug #1120057) and src:heat (Bug #1120059) require 
updates along for
        NOTE: compatibility with the OSSA-2025-002/keystone update.
-CVE-2025-11563
+CVE-2025-11563 (URLs containing percent-encoded slashes (`/` or `\`) can trick 
wcurl i ...)
        - curl 8.17.0-2
        [trixie] - curl 8.14.1-2+deb13u2
        [bookworm] - curl <not-affected> (Vulnerable code not present)
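
Review bot: the description added for CVE-2025-11563 names wcurl, while the package lines under it track curl. Unless the lines past this context already say so, a NOTE stating that the affected component is wcurl as shipped in the curl source package would explain the bookworm "<not-affected> (Vulnerable code not present)" status to a later reader.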



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2be38d856beb668e16a9ac2d4917df6e757f1543
