Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
704a4669 by security tracker role at 2026-02-26T20:13:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2026-3071 (Deserialization of untrusted data in the LanguageModel class of 
Flair  ...)
+       TODO: check
+CVE-2026-2680 (Reflected Cross-Site Scripting (XSS) on the A3factura web 
platform, in ...)
+       TODO: check
+CVE-2026-2679 (Reflected Cross-Site Scripting (XSS) on the A3factura web 
platform, in ...)
+       TODO: check
+CVE-2026-2678 (Reflected Cross-Site Scripting (XSS) on the A3factura web 
platform, in ...)
+       TODO: check
+CVE-2026-2677 (Reflected Cross-Site Scripting (XSS) on the A3factura web 
platform, in ...)
+       TODO: check
+CVE-2026-2244 (A vulnerability in Google Cloud Vertex AI Workbench 
from7/21/2025 to 0 ...)
+       TODO: check
+CVE-2026-28296 (A flaw was found in the FTP GVfs backend. A remote attacker 
could expl ...)
+       TODO: check
+CVE-2026-28295 (A flaw was found in the FTP GVfs backend. A malicious FTP 
server can e ...)
+       TODO: check
+CVE-2026-28138 (Deserialization of Untrusted Data vulnerability in Stylemix 
uListing u ...)
+       TODO: check
+CVE-2026-28136 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2026-28132 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+       TODO: check
+CVE-2026-28131 (Insertion of Sensitive Information Into Sent Data 
vulnerability in WPV ...)
+       TODO: check
+CVE-2026-28083 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-27510 (Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used 
with the ...)
+       TODO: check
+CVE-2026-27509 (Unitree Go2 firmware versions V1.1.7 through V1.1.9 and 
V1.1.11 (EDU)  ...)
+       TODO: check
+CVE-2026-27141 (Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will 
cause a ...)
+       TODO: check
+CVE-2026-26979 (Discourse is an open source discussion platform. Prior to 
versions 202 ...)
+       TODO: check
+CVE-2026-26973 (Discourse is an open source discussion platform. Versions 
prior to 202 ...)
+       TODO: check
+CVE-2026-26938 (Improper Neutralization of Special Elements Used in a Template 
Engine  ...)
+       TODO: check
+CVE-2026-26937 (Uncontrolled Resource Consumption (CWE-400) in the Timelion 
component  ...)
+       TODO: check
+CVE-2026-26936 (Inefficient Regular Expression Complexity (CWE-1333) in the AI 
Inferen ...)
+       TODO: check
+CVE-2026-26935 (Improper Input Validation (CWE-20) in the internal Content 
Connectors  ...)
+       TODO: check
+CVE-2026-26934 (Improper Validation of Specified Quantity in Input (CWE-1284) 
in Kiban ...)
+       TODO: check
+CVE-2026-26932 (Improper Validation of Array Index (CWE-129) in the PostgreSQL 
protoco ...)
+       TODO: check
+CVE-2026-26682 (An issue in fastCMS before v.0.1.6 allows a local attacker to 
execute  ...)
+       TODO: check
+CVE-2026-26265 (Discourse is an open source discussion platform. Prior to 
versions 202 ...)
+       TODO: check
+CVE-2026-26228 (VideoLAN VLC for Android prior to version 3.7.0 contains a 
path traver ...)
+       TODO: check
+CVE-2026-26227 (VideoLAN VLC for Android prior to version 3.7.0 contains an 
authentica ...)
+       TODO: check
+CVE-2026-26207 (Discourse is an open source discussion platform. Prior to 
versions 202 ...)
+       TODO: check
+CVE-2026-26078 (Discourse is an open source discussion platform. Prior to 
versions 202 ...)
+       TODO: check
+CVE-2026-26077 (Discourse is an open source discussion platform. Prior to 
versions 202 ...)
+       TODO: check
+CVE-2026-23939 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2026-23750 (Golioth Pouch version 0.1.0, prior to commit 1b2219a1, 
contains a heap ...)
+       TODO: check
+CVE-2026-23749 (Golioth Firmware SDK version0.19.1prior to 0.22.0, fixed in 
commit0e78 ...)
+       TODO: check
+CVE-2026-23748 (Golioth Firmware SDK version0.10.0 prior to 0.22.0, fixed in 
commitd7f ...)
+       TODO: check
+CVE-2026-23747 (Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in 
commit48 ...)
+       TODO: check
+CVE-2026-22722 (A malicious actor with authenticated user privileges on a 
Windows base ...)
+       TODO: check
+CVE-2026-22715 (VMWare Workstation and Fusion contain a logic flaw in the 
management o ...)
+       TODO: check
+CVE-2026-1565 (The User Frontend: AI Powered Frontend Posting, User Directory, 
Profil ...)
+       TODO: check
+CVE-2026-1241 (The Pelco, Inc. Sarix Professional 3 Series Cameras are 
vulnerable to  ...)
+       TODO: check
+CVE-2026-1198 (SIMPLE.ERP is vulnerable to the SQL Injection in search 
functionality  ...)
+       TODO: check
+CVE-2025-71057 (Improper session management in D-Link Wireless N 300 ADSL2+ 
Modem Rout ...)
+       TODO: check
+CVE-2025-64999 (Improper neutralization of input in Checkmk versions 2.4.0 
before 2.4. ...)
+       TODO: check
+CVE-2025-56605 (A reflected Cross-Site Scripting (XSS) vulnerability exists in 
the reg ...)
+       TODO: check
+CVE-2025-50857 (ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory 
Travers ...)
+       TODO: check
+CVE-2025-14343 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-11384
+       REJECTED
+CVE-2025-11383
+       REJECTED
+CVE-2025-11382
+       REJECTED
+CVE-2025-11381
+       REJECTED
 CVE-2026-3209 (A vulnerability has been found in fosrl Pangolin up to 
1.15.4-s.3. Thi ...)
        NOT-FOR-US: Fossorial fosrl/pangolin
 CVE-2026-3200 (A vulnerability was identified in z-9527 admin 1.0/2.0. The 
affected e ...)
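Review bot: Every non-rejected entry added at the top of this hunk is still at `TODO: check`, and several of the truncated descriptions name no product in the visible text (CVE-2026-27141 "Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a ...", CVE-2026-23939, CVE-2026-28136), so those cannot be triaged from this list and need the full CVE record. Suggest taking CVE-2026-28296 and CVE-2026-28295 first, since they name the FTP GVfs backend and gvfs is packaged in Debian. Entries that turn out to be unpackaged software can be closed with a NOT-FOR-US line in the form the context entry CVE-2026-3209 already uses. The four entries CVE-2025-11381 to CVE-2025-11384 are marked REJECTED and need no follow-up.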
@@ -988,7 +1088,7 @@ CVE-2026-2801 (Incorrect boundary conditions in the 
JavaScript: WebAssembly comp
        - firefox 148.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2801
 CVE-2026-2781 (Integer overflow in the Libraries component in NSS. This 
vulnerability ...)
-       {DSA-6148-1}
+       {DSA-6149-1 DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
        - nss 2:3.121-1
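Review bot: The cross-reference on CVE-2026-2781 now reads `{DSA-6149-1 DSA-6148-1}`, but the entry lists three packages (firefox, firefox-esr, nss) and the visible lines do not show which package each advisory covers. Since this commit changes only data/CVE/list, confirm that the DSA-6149-1 record in data/DSA/list references CVE-2026-2781 and names the intended package, so the generated cross-reference and the advisory stay consistent.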
@@ -179782,7 +179882,7 @@ CVE-2024-8413 (Cross Site Scripting (XSS) 
vulnerability through the action param
        NOT-FOR-US: Bioshox/Raspcontrol
 CVE-2024-8412 (A vulnerability, which was classified as problematic, was found 
in Lin ...)
        NOT-FOR-US: LinuxOSsk Shakal-NG
-CVE-2024-8411 (A vulnerability, which was classified as problematic, has been 
found i ...)
+CVE-2024-8411 (A vulnerability was determined in ABCD ABCD2 up to 
2.2.0-beta-1. Impac ...)
        NOT-FOR-US: ABCD
 CVE-2024-8410 (A vulnerability classified as problematic was found in ABCD 
ABCD2 up t ...)
        NOT-FOR-US: ABCD
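Review bot: On CVE-2024-8411 only the description line changes while `NOT-FOR-US: ABCD` is carried over unchanged, so the existing triage is being applied to reworded text without a recheck. Here the new description ("A vulnerability was determined in ABCD ABCD2 up to 2.2.0-beta-1.") names the same product as the tag and as the neighbouring CVE-2024-8410, so the tag still fits. In general it is worth confirming that a rewritten description has not shifted the affected product before leaving the old triage line in place.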



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/704a4669a3da164b237b12e2ab1443e4d5cf1261



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
