Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a0b6a225 by security tracker role at 2026-07-07T07:13:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,231 @@
+CVE-2026-59713 (Leantime contains an OIDC login CSRF vulnerability in the 
verifyState( ...)
+       TODO: check
+CVE-2026-59712 (Leantime's Users::getUser method in the JSON-RPC API lacks 
proper auth ...)
+       TODO: check
+CVE-2026-59711 (showdown contains a cross-site scripting vulnerability in 
metadata tit ...)
+       TODO: check
+CVE-2026-59710 (showdown contains a stored cross-site scripting vulnerability 
in the p ...)
+       TODO: check
+CVE-2026-58404 (Hugo is a static site generator. From v0.162.0 through 
v0.163.0, the d ...)
+       TODO: check
+CVE-2026-58403 (Hugo is a static site generator. From v0.123.0 through 
v0.163.0, Hugo' ...)
+       TODO: check
+CVE-2026-58402 (Hugo is a static site generator. From 0.60.0 until 0.163.3, 
Hugo's def ...)
+       TODO: check
+CVE-2026-58315 (Cross-site request forgery vulnerability exists in SEIKO EPSON 
Web Con ...)
+       TODO: check
+CVE-2026-57871 (Relative path traversal vulnerability in MicroRealEstate file 
upload f ...)
+       TODO: check
+CVE-2026-57870 (Broken object-level access control on the Template API in 
MicroRealEst ...)
+       TODO: check
+CVE-2026-57869 (Broken object-level access controls and the use of a 
deterministic pat ...)
+       TODO: check
+CVE-2026-57868 (MicroRealEstate is affected by broken object-level access 
controls in  ...)
+       TODO: check
+CVE-2026-57867 (MicroRealEstate allows adversaries to bypass authentication 
due to a l ...)
+       TODO: check
+CVE-2026-57573 (Crawl4AI is an open-source LLM-friendly web crawler and 
scraper. Prior ...)
+       TODO: check
+CVE-2026-57572 (Crawl4AI is an open-source LLM-friendly web crawler and 
scraper. Prior ...)
+       TODO: check
+CVE-2026-57571 (Crawl4AI is an open-source LLM-friendly web crawler and 
scraper. Prior ...)
+       TODO: check
+CVE-2026-55727 (A flaw in the authentication mechanism for video stream 
requests in Ge ...)
+       TODO: check
+CVE-2026-55646 (vLLM is an inference and serving engine for large language 
models. Fro ...)
+       TODO: check
+CVE-2026-55574 (vLLM is a high-throughput and memory-efficient inference and 
serving e ...)
+       TODO: check
+CVE-2026-55514 (vLLM is a library for LLM inference and serving. From 0.12.0 
to before ...)
+       TODO: check
+CVE-2026-54765 (Traefik is an open source HTTP reverse proxy and load 
balancer. From v ...)
+       TODO: check
+CVE-2026-54764 (Traefik is an HTTP reverse proxy and load balancer. Prior to 
v2.11.51, ...)
+       TODO: check
+CVE-2026-54763 (Traefik is an HTTP reverse proxy and load balancer. Prior to 
v2.11.51, ...)
+       TODO: check
+CVE-2026-54709
+       REJECTED
+CVE-2026-54234 (vLLM is a high-throughput and memory-efficient inference and 
serving e ...)
+       TODO: check
+CVE-2026-53763 (OP-TEE is a Trusted Execution Environment (TEE) designed as 
companion  ...)
+       TODO: check
+CVE-2026-53648 (FOSSBilling is a free, open-source billing and client 
management syste ...)
+       TODO: check
+CVE-2026-53647 (FOSSBilling is a free, open-source billing and client 
management syste ...)
+       TODO: check
+CVE-2026-53646 (FOSSBilling is a free, open-source billing and client 
management syste ...)
+       TODO: check
+CVE-2026-53645 (FOSSBilling is a free, open-source billing and client 
management syste ...)
+       TODO: check
+CVE-2026-53644 (FOSSBilling is a free, open-source billing and client 
management syste ...)
+       TODO: check
+CVE-2026-53643 (FOSSBilling is a free, open-source billing and client 
management syste ...)
+       TODO: check
+CVE-2026-53642 (FOSSBilling is a free, open-source billing and client 
management syste ...)
+       TODO: check
+CVE-2026-53641 (FOSSBilling is a free, open-source billing and client 
management syste ...)
+       TODO: check
+CVE-2026-53640 (FOSSBilling is a free, open-source billing and client 
management syste ...)
+       TODO: check
+CVE-2026-50135 (Hugo is a static site generator. From 0.123.0 to 0.161.1, a 
regression ...)
+       TODO: check
+CVE-2026-50134 (Hugo is a static site generator. From 0.91.0 until 0.162.0, 
resources. ...)
+       TODO: check
+CVE-2026-50133 (Hugo is a static site generator. Prior to 0.162.0, Hugo 
accepts conten ...)
+       TODO: check
+CVE-2026-4375 (The DoLeads Integrator WordPress plugin through 0.65, wp2epub 
WordPres ...)
+       TODO: check
+CVE-2026-48267 (DNG SDK versions 1.7.1 2536 and earlier are affected by a NULL 
Pointer ...)
+       TODO: check
+CVE-2026-44362 (OP-TEE is a Trusted Execution Environment (TEE) designed as 
companion  ...)
+       TODO: check
+CVE-2026-43928 (FOSSBilling is a free, open-source billing and client 
management syste ...)
+       TODO: check
+CVE-2026-43927 (FOSSBilling is a free, open-source billing and client 
management syste ...)
+       TODO: check
+CVE-2026-43925 (FOSSBilling is a free, open-source billing and client 
management syste ...)
+       TODO: check
+CVE-2026-43921 (FOSSBilling is a free, open-source billing and client 
management syste ...)
+       TODO: check
+CVE-2026-43918 (FOSSBilling is a free, open-source billing and client 
management syste ...)
+       TODO: check
+CVE-2026-42546 (OP-TEE is a Trusted Execution Environment (TEE) designed as 
companion  ...)
+       TODO: check
+CVE-2026-42341 (FOSSBilling is a free, open-source billing and client 
management syste ...)
+       TODO: check
+CVE-2026-42331 (FOSSBilling is a free, open-source billing and client 
management syste ...)
+       TODO: check
+CVE-2026-42204 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-42201 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-42200 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-42172 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-42153 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-42148 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-42147 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-42145 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-42143 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-41899 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-41516 (OP-TEE is a Trusted Execution Environment (TEE) designed as 
companion  ...)
+       TODO: check
+CVE-2026-41515 (OP-TEE is a Trusted Execution Environment (TEE) designed as 
companion  ...)
+       TODO: check
+CVE-2026-41514 (OP-TEE is a Trusted Execution Environment (TEE) designed as 
companion  ...)
+       TODO: check
+CVE-2026-38979 (ajenti through v2.2.13 has a clickjacking weakness in the 
browser-faci ...)
+       TODO: check
+CVE-2026-38976 (mrubyc through 3.4.1 was found to contain a NULL pointer 
dereference i ...)
+       TODO: check
+CVE-2026-38973 (mrubyc through release3.4.1 was found to contain an 
out-of-bounds read ...)
+       TODO: check
+CVE-2026-34599 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-34198 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-34171 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-34170 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-34168 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-34167 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-34158 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-34153 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-34152 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-34149 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-34058 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-34057 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-34050 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-34049 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-34048 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-34047 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-34044 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-34038 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-34037 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-34035 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-34034 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-33734 (FOSSBilling is a free, open-source billing and client 
management syste ...)
+       TODO: check
+CVE-2026-32718 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-27844 (Uncaught Exception (CWE-248)in the Controller 6000 and 
Controller 7000 ...)
+       TODO: check
+CVE-2026-27790 (Uncaught Exception (CWE-248)inthe T20 Readersallows an 
authenticated a ...)
+       TODO: check
+CVE-2026-26053 (AnIncorrect Privilege Assignment (CWE-266)vulnerability inthe 
Command  ...)
+       TODO: check
+CVE-2026-25271 (Memory Corruption when processing asynchronous input 
parameters due to ...)
+       TODO: check
+CVE-2026-25268 (Memory Corruption when processing invalid HT40 channel layouts 
during  ...)
+       TODO: check
+CVE-2026-21384 (Memory Corruption when updating prepared commands with invalid 
port in ...)
+       TODO: check
+CVE-2026-21383 (Cryptographic Issue when using a static initialization vector 
for AES- ...)
+       TODO: check
+CVE-2026-21379 (Memory Corruption when allocating memory with sizes that 
exceed the ma ...)
+       TODO: check
+CVE-2026-21370 (Memory Corruption when validating input batch size and buffer 
plane co ...)
+       TODO: check
+CVE-2026-21369 (Memory Corruption when handling flash commands due to outdated 
LED cou ...)
+       TODO: check
+CVE-2026-21368 (Memory Corruption when parsing jpeg commands due to 
unaccounted extra  ...)
+       TODO: check
+CVE-2026-14898 (The OpenAI Codex desktop app for macOS rendered remote images 
from Mar ...)
+       TODO: check
+CVE-2026-14536 (Improper enforcement of a mandatory multi-factor 
authentication policy ...)
+       TODO: check
+CVE-2026-14471 (Improper Neutralization of Special Elements in the 
metrics-service ret ...)
+       TODO: check
+CVE-2026-14468 (HashiCorp Terraform Enterprise contained an issue in its 
version contr ...)
+       TODO: check
+CVE-2026-14345 (The WPFunnels \u2013 Funnel Builder for WooCommerce with 
Checkout & On ...)
+       TODO: check
+CVE-2026-13356 (A malicious webpage could interrupt a pending navigation by 
enqueuing  ...)
+       TODO: check
+CVE-2026-12375 (The uncanny-automator-pro WordPress plugin before 7.3.0.6 was 
distribu ...)
+       TODO: check
+CVE-2026-12277 (The Frontend File Manager Plugin WordPress plugin through 23.6 
does no ...)
+       TODO: check
+CVE-2026-11405 (The web server binary /bin/httpd contains a hidden backdoor 
authentica ...)
+       TODO: check
+CVE-2026-11328 (The Exclusive Addons for Elementor plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2026-10834 (The WP Travel Engine  WordPress plugin before 6.8.1 does not 
properly  ...)
+       TODO: check
+CVE-2025-59617 (Memory Corruption when processing multiple IOCTL calls with 
the same b ...)
+       TODO: check
+CVE-2025-59616 (Memory Corruption when processing multiple IOCTL calls with 
the same b ...)
+       TODO: check
+CVE-2025-59615 (Memory Corruption when invoking device input/output control 
operations ...)
+       TODO: check
+CVE-2024-56141 (Minosoft is an open-source, multi-version Minecraft Java 
Edition clien ...)
+       TODO: check
 CVE-2026-49861
        - fastdds <unfixed>
        NOTE: Fixed by: 
https://github.com/eProsima/Fast-DDS/commit/aeba2db3640d1f79d9f1f0430b10a475ea4c47cb
@@ -31,7 +259,7 @@ CVE-2026-45095
 CVE-2026-45094
        - fastdds <unfixed>
        NOTE: Fixed by: 
https://github.com/eProsima/Fast-DDS/commit/d9f4b373c90179c96f3b1542e72f16e282ef0104
 (v3.6.2)
-CVE-2026-59089
+CVE-2026-59089 (A flaw was found in GIMP. The PlayStation TIM loader, 
responsible for  ...)
        - gimp <unfixed>
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/work_items/16493
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/53cdb27fa2b1676d11e9677c9975b5ad7b61b2ee



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0b6a22546e983f8c97181c3e5a605197e65a6f8

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0b6a22546e983f8c97181c3e5a605197e65a6f8
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to