Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a0b6a225 by security tracker role at 2026-07-07T07:13:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,231 @@
+CVE-2026-59713 (Leantime contains an OIDC login CSRF vulnerability in the
verifyState( ...)
+ TODO: check
+CVE-2026-59712 (Leantime's Users::getUser method in the JSON-RPC API lacks
proper auth ...)
+ TODO: check
+CVE-2026-59711 (showdown contains a cross-site scripting vulnerability in
metadata tit ...)
+ TODO: check
+CVE-2026-59710 (showdown contains a stored cross-site scripting vulnerability
in the p ...)
+ TODO: check
+CVE-2026-58404 (Hugo is a static site generator. From v0.162.0 through
v0.163.0, the d ...)
+ TODO: check
+CVE-2026-58403 (Hugo is a static site generator. From v0.123.0 through
v0.163.0, Hugo' ...)
+ TODO: check
+CVE-2026-58402 (Hugo is a static site generator. From 0.60.0 until 0.163.3,
Hugo's def ...)
+ TODO: check
+CVE-2026-58315 (Cross-site request forgery vulnerability exists in SEIKO EPSON
Web Con ...)
+ TODO: check
+CVE-2026-57871 (Relative path traversal vulnerability in MicroRealEstate file
upload f ...)
+ TODO: check
+CVE-2026-57870 (Broken object-level access control on the Template API in
MicroRealEst ...)
+ TODO: check
+CVE-2026-57869 (Broken object-level access controls and the use of a
deterministic pat ...)
+ TODO: check
+CVE-2026-57868 (MicroRealEstate is affected by broken object-level access
controls in ...)
+ TODO: check
+CVE-2026-57867 (MicroRealEstate allows adversaries to bypass authentication
due to a l ...)
+ TODO: check
+CVE-2026-57573 (Crawl4AI is an open-source LLM-friendly web crawler and
scraper. Prior ...)
+ TODO: check
+CVE-2026-57572 (Crawl4AI is an open-source LLM-friendly web crawler and
scraper. Prior ...)
+ TODO: check
+CVE-2026-57571 (Crawl4AI is an open-source LLM-friendly web crawler and
scraper. Prior ...)
+ TODO: check
+CVE-2026-55727 (A flaw in the authentication mechanism for video stream
requests in Ge ...)
+ TODO: check
+CVE-2026-55646 (vLLM is an inference and serving engine for large language
models. Fro ...)
+ TODO: check
+CVE-2026-55574 (vLLM is a high-throughput and memory-efficient inference and
serving e ...)
+ TODO: check
+CVE-2026-55514 (vLLM is a library for LLM inference and serving. From 0.12.0
to before ...)
+ TODO: check
+CVE-2026-54765 (Traefik is an open source HTTP reverse proxy and load
balancer. From v ...)
+ TODO: check
+CVE-2026-54764 (Traefik is an HTTP reverse proxy and load balancer. Prior to
v2.11.51, ...)
+ TODO: check
+CVE-2026-54763 (Traefik is an HTTP reverse proxy and load balancer. Prior to
v2.11.51, ...)
+ TODO: check
+CVE-2026-54709
+ REJECTED
+CVE-2026-54234 (vLLM is a high-throughput and memory-efficient inference and
serving e ...)
+ TODO: check
+CVE-2026-53763 (OP-TEE is a Trusted Execution Environment (TEE) designed as
companion ...)
+ TODO: check
+CVE-2026-53648 (FOSSBilling is a free, open-source billing and client
management syste ...)
+ TODO: check
+CVE-2026-53647 (FOSSBilling is a free, open-source billing and client
management syste ...)
+ TODO: check
+CVE-2026-53646 (FOSSBilling is a free, open-source billing and client
management syste ...)
+ TODO: check
+CVE-2026-53645 (FOSSBilling is a free, open-source billing and client
management syste ...)
+ TODO: check
+CVE-2026-53644 (FOSSBilling is a free, open-source billing and client
management syste ...)
+ TODO: check
+CVE-2026-53643 (FOSSBilling is a free, open-source billing and client
management syste ...)
+ TODO: check
+CVE-2026-53642 (FOSSBilling is a free, open-source billing and client
management syste ...)
+ TODO: check
+CVE-2026-53641 (FOSSBilling is a free, open-source billing and client
management syste ...)
+ TODO: check
+CVE-2026-53640 (FOSSBilling is a free, open-source billing and client
management syste ...)
+ TODO: check
+CVE-2026-50135 (Hugo is a static site generator. From 0.123.0 to 0.161.1, a
regression ...)
+ TODO: check
+CVE-2026-50134 (Hugo is a static site generator. From 0.91.0 until 0.162.0,
resources. ...)
+ TODO: check
+CVE-2026-50133 (Hugo is a static site generator. Prior to 0.162.0, Hugo
accepts conten ...)
+ TODO: check
+CVE-2026-4375 (The DoLeads Integrator WordPress plugin through 0.65, wp2epub
WordPres ...)
+ TODO: check
+CVE-2026-48267 (DNG SDK versions 1.7.1 2536 and earlier are affected by a NULL
Pointer ...)
+ TODO: check
+CVE-2026-44362 (OP-TEE is a Trusted Execution Environment (TEE) designed as
companion ...)
+ TODO: check
+CVE-2026-43928 (FOSSBilling is a free, open-source billing and client
management syste ...)
+ TODO: check
+CVE-2026-43927 (FOSSBilling is a free, open-source billing and client
management syste ...)
+ TODO: check
+CVE-2026-43925 (FOSSBilling is a free, open-source billing and client
management syste ...)
+ TODO: check
+CVE-2026-43921 (FOSSBilling is a free, open-source billing and client
management syste ...)
+ TODO: check
+CVE-2026-43918 (FOSSBilling is a free, open-source billing and client
management syste ...)
+ TODO: check
+CVE-2026-42546 (OP-TEE is a Trusted Execution Environment (TEE) designed as
companion ...)
+ TODO: check
+CVE-2026-42341 (FOSSBilling is a free, open-source billing and client
management syste ...)
+ TODO: check
+CVE-2026-42331 (FOSSBilling is a free, open-source billing and client
management syste ...)
+ TODO: check
+CVE-2026-42204 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-42201 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-42200 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-42172 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-42153 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-42148 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-42147 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-42145 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-42143 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-41899 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-41516 (OP-TEE is a Trusted Execution Environment (TEE) designed as
companion ...)
+ TODO: check
+CVE-2026-41515 (OP-TEE is a Trusted Execution Environment (TEE) designed as
companion ...)
+ TODO: check
+CVE-2026-41514 (OP-TEE is a Trusted Execution Environment (TEE) designed as
companion ...)
+ TODO: check
+CVE-2026-38979 (ajenti through v2.2.13 has a clickjacking weakness in the
browser-faci ...)
+ TODO: check
+CVE-2026-38976 (mrubyc through 3.4.1 was found to contain a NULL pointer
dereference i ...)
+ TODO: check
+CVE-2026-38973 (mrubyc through release3.4.1 was found to contain an
out-of-bounds read ...)
+ TODO: check
+CVE-2026-34599 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-34198 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-34171 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-34170 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-34168 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-34167 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-34158 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-34153 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-34152 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-34149 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-34058 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-34057 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-34050 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-34049 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-34048 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-34047 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-34044 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-34038 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-34037 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-34035 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-34034 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-33734 (FOSSBilling is a free, open-source billing and client
management syste ...)
+ TODO: check
+CVE-2026-32718 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-27844 (Uncaught Exception (CWE-248)in the Controller 6000 and
Controller 7000 ...)
+ TODO: check
+CVE-2026-27790 (Uncaught Exception (CWE-248)inthe T20 Readersallows an
authenticated a ...)
+ TODO: check
+CVE-2026-26053 (AnIncorrect Privilege Assignment (CWE-266)vulnerability inthe
Command ...)
+ TODO: check
+CVE-2026-25271 (Memory Corruption when processing asynchronous input
parameters due to ...)
+ TODO: check
+CVE-2026-25268 (Memory Corruption when processing invalid HT40 channel layouts
during ...)
+ TODO: check
+CVE-2026-21384 (Memory Corruption when updating prepared commands with invalid
port in ...)
+ TODO: check
+CVE-2026-21383 (Cryptographic Issue when using a static initialization vector
for AES- ...)
+ TODO: check
+CVE-2026-21379 (Memory Corruption when allocating memory with sizes that
exceed the ma ...)
+ TODO: check
+CVE-2026-21370 (Memory Corruption when validating input batch size and buffer
plane co ...)
+ TODO: check
+CVE-2026-21369 (Memory Corruption when handling flash commands due to outdated
LED cou ...)
+ TODO: check
+CVE-2026-21368 (Memory Corruption when parsing jpeg commands due to
unaccounted extra ...)
+ TODO: check
+CVE-2026-14898 (The OpenAI Codex desktop app for macOS rendered remote images
from Mar ...)
+ TODO: check
+CVE-2026-14536 (Improper enforcement of a mandatory multi-factor
authentication policy ...)
+ TODO: check
+CVE-2026-14471 (Improper Neutralization of Special Elements in the
metrics-service ret ...)
+ TODO: check
+CVE-2026-14468 (HashiCorp Terraform Enterprise contained an issue in its
version contr ...)
+ TODO: check
+CVE-2026-14345 (The WPFunnels \u2013 Funnel Builder for WooCommerce with
Checkout & On ...)
+ TODO: check
+CVE-2026-13356 (A malicious webpage could interrupt a pending navigation by
enqueuing ...)
+ TODO: check
+CVE-2026-12375 (The uncanny-automator-pro WordPress plugin before 7.3.0.6 was
distribu ...)
+ TODO: check
+CVE-2026-12277 (The Frontend File Manager Plugin WordPress plugin through 23.6
does no ...)
+ TODO: check
+CVE-2026-11405 (The web server binary /bin/httpd contains a hidden backdoor
authentica ...)
+ TODO: check
+CVE-2026-11328 (The Exclusive Addons for Elementor plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2026-10834 (The WP Travel Engine WordPress plugin before 6.8.1 does not
properly ...)
+ TODO: check
+CVE-2025-59617 (Memory Corruption when processing multiple IOCTL calls with
the same b ...)
+ TODO: check
+CVE-2025-59616 (Memory Corruption when processing multiple IOCTL calls with
the same b ...)
+ TODO: check
+CVE-2025-59615 (Memory Corruption when invoking device input/output control
operations ...)
+ TODO: check
+CVE-2024-56141 (Minosoft is an open-source, multi-version Minecraft Java
Edition clien ...)
+ TODO: check
CVE-2026-49861
- fastdds <unfixed>
NOTE: Fixed by:
https://github.com/eProsima/Fast-DDS/commit/aeba2db3640d1f79d9f1f0430b10a475ea4c47cb
@@ -31,7 +259,7 @@ CVE-2026-45095
CVE-2026-45094
- fastdds <unfixed>
NOTE: Fixed by:
https://github.com/eProsima/Fast-DDS/commit/d9f4b373c90179c96f3b1542e72f16e282ef0104
(v3.6.2)
-CVE-2026-59089
+CVE-2026-59089 (A flaw was found in GIMP. The PlayStation TIM loader,
responsible for ...)
- gimp <unfixed>
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/work_items/16493
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/53cdb27fa2b1676d11e9677c9975b5ad7b61b2ee
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0b6a22546e983f8c97181c3e5a605197e65a6f8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0b6a22546e983f8c97181c3e5a605197e65a6f8
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits