[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sat, 28 Feb 2026 00:13:25 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e02ca329 by security tracker role at 2026-02-28T08:13:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,14 +1,90 @@
-CVE-2026-28418
+CVE-2026-2647
+       REJECTED
+CVE-2026-2471 (The WP Mail Logging plugin for WordPress is vulnerable to PHP 
Object I ...)
+       TODO: check
+CVE-2026-28517 (openDCIM version 23.04, through commit 4467e9c4, contains an 
OS comman ...)
+       TODO: check
+CVE-2026-28516 (openDCIM version 23.04, through commit 4467e9c4, contains a 
SQL inject ...)
+       TODO: check
+CVE-2026-28515 (openDCIM version 23.04, through commit 4467e9c4, contains a 
missing au ...)
+       TODO: check
+CVE-2026-28426 (Statmatic is a Laravel and Git powered content management 
system (CMS) ...)
+       TODO: check
+CVE-2026-28425 (Statmatic is a Laravel and Git powered content management 
system (CMS) ...)
+       TODO: check
+CVE-2026-28424 (Statmatic is a Laravel and Git powered content management 
system (CMS) ...)
+       TODO: check
+CVE-2026-28423 (Statmatic is a Laravel and Git powered content management 
system (CMS) ...)
+       TODO: check
+CVE-2026-28422 (Vim is an open source, command line text editor. Prior to 
version 9.2. ...)
+       TODO: check
+CVE-2026-28421 (Vim is an open source, command line text editor. Versions 
prior to 9.2 ...)
+       TODO: check
+CVE-2026-28420 (Vim is an open source, command line text editor. Prior to 
version 9.2. ...)
+       TODO: check
+CVE-2026-28419 (Vim is an open source, command line text editor. Prior to 
version 9.2. ...)
+       TODO: check
+CVE-2026-28416 (Gradio is an open-source Python package designed for quick 
prototyping ...)
+       TODO: check
+CVE-2026-28415 (Gradio is an open-source Python package designed for quick 
prototyping ...)
+       TODO: check
+CVE-2026-28414 (Gradio is an open-source Python package designed for quick 
prototyping ...)
+       TODO: check
+CVE-2026-28411 (WeGIA is a web manager for charitable institutions. Prior to 
version 3 ...)
+       TODO: check
+CVE-2026-28409 (WeGIA is a web manager for charitable institutions. Prior to 
version 3 ...)
+       TODO: check
+CVE-2026-28408 (WeGIA is a web manager for charitable institutions. Prior to 
version 3 ...)
+       TODO: check
+CVE-2026-28407 (malcontent is software for discovering supply-chain 
compromises throug ...)
+       TODO: check
+CVE-2026-28406 (kaniko is a tool to build container images from a Dockerfile, 
inside a ...)
+       TODO: check
+CVE-2026-28402 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq 
Proof-of ...)
+       TODO: check
+CVE-2026-28400 (Docker Model Runner (DMR) is software used to manage, run, and 
deploy  ...)
+       TODO: check
+CVE-2026-28355 (Canarytokens help track activity and actions on a network. 
Versions pr ...)
+       TODO: check
+CVE-2026-28352 (Indico is an event management system that uses 
Flask-Multipass, a mult ...)
+       TODO: check
+CVE-2026-28351 (pypdf is a free and open-source pure-python PDF library. Prior 
to vers ...)
+       TODO: check
+CVE-2026-28338 (PMD is an extensible multilanguage static code analyzer. Prior 
to vers ...)
+       TODO: check
+CVE-2026-28288 (Dify is an open-source LLM app development platform. Prior to 
1.9.0, r ...)
+       TODO: check
+CVE-2026-28272 (Kiteworks is a private data network (PDN). Prior to version 
9.2.0, a v ...)
+       TODO: check
+CVE-2026-28271 (Kiteworks is a private data network (PDN). Prior to version 
9.2.0, a v ...)
+       TODO: check
+CVE-2026-28270 (Kiteworks is a private data network (PDN). Prior to version 
9.2.0, a v ...)
+       TODO: check
+CVE-2026-28268 (Vikunja is an open-source self-hosted task management 
platform. Versio ...)
+       TODO: check
+CVE-2026-28231 (pillow_heif is a Python library for working with HEIF images 
and plugi ...)
+       TODO: check
+CVE-2026-27939 (Statmatic is a Laravel and Git powered content management 
system (CMS) ...)
+       TODO: check
+CVE-2026-27759 (Featured Image from Content (featured-image-from-content) 
WordPress pl ...)
+       TODO: check
+CVE-2026-27167 (Gradio is an open-source Python package designed for quick 
prototyping ...)
+       TODO: check
+CVE-2026-1542 (The Super Stage WP WordPress plugin through 1.0.1 unserializes 
user in ...)
+       TODO: check
+CVE-2025-13673 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
+       TODO: check
+CVE-2026-28418 (Vim is an open source, command line text editor. Prior to 
version 9.2. ...)
        - vim <unfixed>
        NOTE: https://github.com/vim/vim/security/advisories/GHSA-h4mf-vg97-hj8j
        NOTE: Fixed by: 
https://github.com/vim/vim/commit/f6a7f469a9c0d09e84cd6cb46c3a9e76f684da2d 
(v9.2.0074)
-CVE-2026-28417
+CVE-2026-28417 (Vim is an open source, command line text editor. Prior to 
version 9.2. ...)
        - vim <unfixed>
        NOTE: https://github.com/vim/vim/security/advisories/GHSA-m3xh-9434-g336
        NOTE: Fixed by: 
https://github.com/vim/vim/commit/79348dbbc09332130f4c86045e1541d68514fcc1 
(v9.2.0073)
-CVE-2026-3255
+CVE-2026-3255 (HTTP::Session2 versions before 1.12 for Perl for Perl may 
generate wea ...)
        NOT-FOR-US: HTTP-Session2 Perl module
-CVE-2018-25160
+CVE-2018-25160 (HTTP::Session2 versions through 1.09 for Perl does not 
validate the fo ...)
        NOT-FOR-US: HTTP-Session2 Perl module
 CVE-2026-3327 (Authenticated Iframe Injection in Dato CMS Web Previews plugin. 
This v ...)
        NOT-FOR-US: Dato CMS Web Previews plugin
@@ -6539,7 +6615,7 @@ CVE-2025-15520 (The RegistrationMagic  WordPress plugin 
before 6.0.7.2 checks no
        NOT-FOR-US: WordPress plugin
 CVE-2024-21961 (Improper restriction of operations within the bounds of a 
memory buffe ...)
        NOT-FOR-US: AMD
-CVE-2020-37167 (ClamAV versions prior to 0.102.0, fixed in 0.103.0-rc, ClamBC 
bytecode ...)
+CVE-2020-37167 (ClamAV versions prior to 0.103.0-rc contain a vulnerability in 
functio ...)
        - clamav <undetermined>
        NOTE: https://www.exploit-db.com/exploits/47687
        TODO: check upstream status



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e02ca3297dfc6dae5158f01524043e5492659633

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e02ca3297dfc6dae5158f01524043e5492659633
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to