Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1b1f2ee7 by security tracker role at 2026-07-09T07:13:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,82 +1,348 @@
-CVE-2026-15112
+CVE-2026-8801 (Path equivalence: vulnerability in Progress MOVEit Transfer
(File Uplo ...)
+ TODO: check
+CVE-2026-8800 (Incorrect Authorization vulnerability in Progress MOVEit
Transfer (Aud ...)
+ TODO: check
+CVE-2026-8651 (Limited authentication bypass by spoofing vulnerability in
Progress MO ...)
+ TODO: check
+CVE-2026-8650 (Relative path traversal vulnerability in Progress MOVEit
Transfer (Adm ...)
+ TODO: check
+CVE-2026-8649 (Improper Neutralization of Special Elements in Data Query Logic
vulner ...)
+ TODO: check
+CVE-2026-8472 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
+ TODO: check
+CVE-2026-7492 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
+ TODO: check
+CVE-2026-6896 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
+ TODO: check
+CVE-2026-6352 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
+ TODO: check
+CVE-2026-60105 (Monsta FTP before 2.14.5 contains a server-side request
forgery vulner ...)
+ TODO: check
+CVE-2026-60104 (Bitwarden Server before 2026.6.0 does not verify that the
email in a P ...)
+ TODO: check
+CVE-2026-5923 (Malicious use of a stolen cookie might allow modifications to
the cont ...)
+ TODO: check
+CVE-2026-5922 (The IP phone might use malicious input stored in configuration
paramet ...)
+ TODO: check
+CVE-2026-5523 (The Divi Form Builder plugin for WordPress is vulnerable to
Missing Au ...)
+ TODO: check
+CVE-2026-59948 (Composer is a dependency Manager for the PHP language. Prior
to 2.2.29 ...)
+ TODO: check
+CVE-2026-59947 (Composer is a dependency Manager for the PHP language. Prior
to 2.2.29 ...)
+ TODO: check
+CVE-2026-59946 (Composer is a dependency Manager for the PHP language. Prior
to 2.2.29 ...)
+ TODO: check
+CVE-2026-59939 (httplib2 is a comprehensive HTTP client library for Python.
Prior to 0 ...)
+ TODO: check
+CVE-2026-59936 (pypdf is a free and open-source pure-python PDF library. Prior
to 6.14 ...)
+ TODO: check
+CVE-2026-59935 (pypdf is a free and open-source pure-python PDF library. Prior
to 6.14 ...)
+ TODO: check
+CVE-2026-59822 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in
OpenAI (or ...)
+ TODO: check
+CVE-2026-59821 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in
OpenAI (or ...)
+ TODO: check
+CVE-2026-59820 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in
OpenAI (or ...)
+ TODO: check
+CVE-2026-59819 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in
OpenAI (or ...)
+ TODO: check
+CVE-2026-59818 (etcd is a distributed key-value store for the data of a
distributed sy ...)
+ TODO: check
+CVE-2026-59807 (Composio SDK before 0.2.32-beta.283 contains a path validation
bypass ...)
+ TODO: check
+CVE-2026-59806 (Gradio before 6.20.0 contains an open redirect and server-side
request ...)
+ TODO: check
+CVE-2026-59805 (Gumroad before 2026.07.06.2 contains a broken access control
vulnerabi ...)
+ TODO: check
+CVE-2026-59804 (Midscene Bridge Server through 1.10.3, fixed in commit
86f4118, contai ...)
+ TODO: check
+CVE-2026-59803 (rpcx through 1.9.3, fixed in commit 047aec1, contains a
denial-of-serv ...)
+ TODO: check
+CVE-2026-59802 (PasswordPusher before 2.8.1 accepts data URI schemes in URL
push paylo ...)
+ TODO: check
+CVE-2026-59723 (Cline is an autonomous coding agent as an SDK, IDE extension,
or CLI a ...)
+ TODO: check
+CVE-2026-58525 (Improper access control in Microsoft Edge (Chromium-based)
allows an u ...)
+ TODO: check
+CVE-2026-58501 (Zeep is a Python SOAP client. From 4.0.0 before 4.3.3,
Settings.forbid ...)
+ TODO: check
+CVE-2026-58494 (Wasmtime is a runtime for WebAssembly. Prior to 24.0.11,
36.0.12, 45.0 ...)
+ TODO: check
+CVE-2026-58192 (Appium is a cross-platform automation framework for all kinds
of apps, ...)
+ TODO: check
+CVE-2026-58191 (Appium is a cross-platform automation framework for all kinds
of apps, ...)
+ TODO: check
+CVE-2026-57481 (Parse Server is an open source backend that can be deployed to
any inf ...)
+ TODO: check
+CVE-2026-57480 (Parse Server is an open source backend that can be deployed to
any inf ...)
+ TODO: check
+CVE-2026-56669 (Elysia is a Typescript framework for request validation, type
inferenc ...)
+ TODO: check
+CVE-2026-55878 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0
before 2 ...)
+ TODO: check
+CVE-2026-55877 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.17.0
before 2 ...)
+ TODO: check
+CVE-2026-55849 (@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of
Materials ...)
+ TODO: check
+CVE-2026-55778 (Parse Server is an open source backend that can be deployed to
any inf ...)
+ TODO: check
+CVE-2026-55760 (Handlebars.java provides logic-less and semantic Mustache
templates wi ...)
+ TODO: check
+CVE-2026-55596 (Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0
until 5 ...)
+ TODO: check
+CVE-2026-55575 (LiquidJS is a Shopify / GitHub Pages compatible template
engine in pur ...)
+ TODO: check
+CVE-2026-55542 (Snipe-IT is an IT asset/license management system. Prior to
version 8. ...)
+ TODO: check
+CVE-2026-55471 (HAPI FHIR is a complete implementation of the HL7 FHIR
standard for he ...)
+ TODO: check
+CVE-2026-55470 (HAPI FHIR is a complete implementation of the HL7 FHIR
standard for he ...)
+ TODO: check
+CVE-2026-55404 (yt-dlp and youtube-dl are command-line audio/video
downloaders. Prior ...)
+ TODO: check
+CVE-2026-55206 (py7zr is a Python-based library and utility to support 7zip
archive co ...)
+ TODO: check
+CVE-2026-55195 (py7zr is a Python-based library and utility to support 7zip
archive co ...)
+ TODO: check
+CVE-2026-54784 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
+ TODO: check
+CVE-2026-54783 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
+ TODO: check
+CVE-2026-54782 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
+ TODO: check
+CVE-2026-54781 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
+ TODO: check
+CVE-2026-54780 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
+ TODO: check
+CVE-2026-54779 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
+ TODO: check
+CVE-2026-54778 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
+ TODO: check
+CVE-2026-54777 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
+ TODO: check
+CVE-2026-54776 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
+ TODO: check
+CVE-2026-54775 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
+ TODO: check
+CVE-2026-54774 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
+ TODO: check
+CVE-2026-54773 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
+ TODO: check
+CVE-2026-54772 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
+ TODO: check
+CVE-2026-54591 (AsyncSSH is a Python package which provides an asynchronous
client and ...)
+ TODO: check
+CVE-2026-54590 (AsyncSSH is a Python package which provides an asynchronous
client and ...)
+ TODO: check
+CVE-2026-54528 (JupyterLab Git is a Git extension for JupyterLab. Prior to
0.54.0, jup ...)
+ TODO: check
+CVE-2026-54527 (JupyterLab Git is a Git extension for JupyterLab. From
0.30.0b3 before ...)
+ TODO: check
+CVE-2026-54499 (Stanza is a Stanford NLP Python library for tokenization,
sentence seg ...)
+ TODO: check
+CVE-2026-53624 (Fiber is an Express inspired web framework written in Go.
Prior to 3.4 ...)
+ TODO: check
+CVE-2026-52200 (An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows
a remot ...)
+ TODO: check
+CVE-2026-51535 (In OpENer 2.3.0 (commit 76b95cf), a resource exhaustion
(Denial of Ser ...)
+ TODO: check
+CVE-2026-49866 (libp2p is a JavaScript Implementation of libp2p networking
stack. Prio ...)
+ TODO: check
+CVE-2026-48492 (Snipe-IT is an IT asset/license management system. Prior to
version 8. ...)
+ TODO: check
+CVE-2026-47840 (A network attacker positioned between UAA and its LDAP
directory can i ...)
+ TODO: check
+CVE-2026-47831 (Use of a cryptographically weak random number generator in the
Generat ...)
+ TODO: check
+CVE-2026-47830 (Incorrect Permission Assignment in BOSH.Utils.psm1 in
BOSH-Ecosystem b ...)
+ TODO: check
+CVE-2026-47829 (Argument Injection in bosh-cli allows a compromised BOSH
Director to i ...)
+ TODO: check
+CVE-2026-47828 (During bosh create-env and bosh delete-env, the CLI uploads
compiled C ...)
+ TODO: check
+CVE-2026-47826 (The blobs.yml path key traversal vulnerability in the BOSH CLI
tool al ...)
+ TODO: check
+CVE-2026-47646 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-45045 (Fiber is an Express inspired web framework written in Go.
Prior to 3.3 ...)
+ TODO: check
+CVE-2026-44512 (Open Neural Network Exchange (ONNX) is an open standard for
machine le ...)
+ TODO: check
+CVE-2026-44332 (Fiber is an Express inspired web framework written in Go.
Prior to 3.3 ...)
+ TODO: check
+CVE-2026-44161 (Fluentd collects events from various data sources and writes
them to f ...)
+ TODO: check
+CVE-2026-44160 (Fluentd collects events from various data sources and writes
them to f ...)
+ TODO: check
+CVE-2026-44025 (Fluentd collects events from various data sources and writes
them to f ...)
+ TODO: check
+CVE-2026-44024 (Fluentd collects events from various data sources and writes
them to f ...)
+ TODO: check
+CVE-2026-41857 (A compromised or malicious BOSH Director can execute arbitrary
shell c ...)
+ TODO: check
+CVE-2026-39179 (A SQL injection vulnerability in SOGo before 5.12.7 allows
authenticat ...)
+ TODO: check
+CVE-2026-39178 (A SQL injection vulnerability in SOGo before 5.12.7 allows
authenticat ...)
+ TODO: check
+CVE-2026-36028 (A protection mechanism failure in the Code 27 Companion Hub
allows an ...)
+ TODO: check
+CVE-2026-36027 (An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a
physicall ...)
+ TODO: check
+CVE-2026-35552 (In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and
UDiTH Portal ...)
+ TODO: check
+CVE-2026-35211 (OpenCTI is an open source platform for managing cyber threat
intellige ...)
+ TODO: check
+CVE-2026-35210 (OpenCTI is an open source platform for managing cyber threat
intellige ...)
+ TODO: check
+CVE-2026-31309 (Improper authorization in the /tequilapi/config/user endpoint
of Myste ...)
+ TODO: check
+CVE-2026-15174 (Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0
to 4.6.6 ...)
+ TODO: check
+CVE-2026-15173 (pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows
denial of ...)
+ TODO: check
+CVE-2026-15172 (FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to
4.6.6 and 4. ...)
+ TODO: check
+CVE-2026-15171 (SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and
4.4.0 to ...)
+ TODO: check
+CVE-2026-15170 (Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6
and 4.4.0 ...)
+ TODO: check
+CVE-2026-15169 (UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6
and 4.4.0 ...)
+ TODO: check
+CVE-2026-15168 (BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to
4.4.16 allows ...)
+ TODO: check
+CVE-2026-15167 (DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6
and 4.4.0 ...)
+ TODO: check
+CVE-2026-15166 (IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to
4.6.6 and 4 ...)
+ TODO: check
+CVE-2026-15165 (TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows
denial of s ...)
+ TODO: check
+CVE-2026-15164 (Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows
denial of ...)
+ TODO: check
+CVE-2026-15163 (Multiple protocol dissector infinite loops in Wireshark 4.6.0
to 4.6.6 ...)
+ TODO: check
+CVE-2026-15154 (A flaw was found in `guardrails-detectors`, a component of Red
Hat Ope ...)
+ TODO: check
+CVE-2026-15138 (A security vulnerability has been detected in tumf
mcp-text-editor up ...)
+ TODO: check
+CVE-2026-15137 (A weakness has been identified in code-projects Interview
Management S ...)
+ TODO: check
+CVE-2026-15135 (A security flaw has been discovered in code-projects Online
Food Order ...)
+ TODO: check
+CVE-2026-15134 (A vulnerability was determined in CodeAstro Simple Online
Leave Manage ...)
+ TODO: check
+CVE-2026-15105 (A flaw has been found in davenardella snap7 up to 1.4.3. This
affects ...)
+ TODO: check
+CVE-2026-14896 (HashiCorp Nomad and Nomad Enterprise are vulnerable to a
cross-namespa ...)
+ TODO: check
+CVE-2026-14891 (HashiCorp Nomad and Nomad Enterprise are vulnerable to a
sandbox escap ...)
+ TODO: check
+CVE-2026-14373 (HashiCorp Nomad and Nomad Enterprise did not enforce the
allow_privile ...)
+ TODO: check
+CVE-2026-14361 (The consul-template library before version 0.42.1 is
vulnerable to a p ...)
+ TODO: check
+CVE-2026-13320 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
+ TODO: check
+CVE-2026-13151 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
+ TODO: check
+CVE-2026-12517 (The Fediverse Embeds WordPress plugin before 1.5.8 does not
validate t ...)
+ TODO: check
+CVE-2026-12516 (The Fediverse Embeds WordPress plugin before 1.5.8 does not
validate t ...)
+ TODO: check
+CVE-2026-12270 (The Everest Forms WordPress plugin before 3.5.0 does not
correctly re ...)
+ TODO: check
+CVE-2026-11875 (The WP Support Plus Responsive Ticket System WordPress plugin
through ...)
+ TODO: check
+CVE-2026-11869 (The WP DSGVO Tools (GDPR) WordPress plugin before 3.1.40 does
not perf ...)
+ TODO: check
+CVE-2026-11827 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
+ TODO: check
+CVE-2026-11571 (The Everest Forms WordPress plugin before 3.5.0 does not
reliably del ...)
+ TODO: check
+CVE-2026-10037 (A sandbox escape vulnerability exists in the OpenJDK packages
provided ...)
+ TODO: check
+CVE-2026-0288 (Multiple buffer overflow vulnerabilities in the User-ID
Terminal Serve ...)
+ TODO: check
+CVE-2025-12506 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
+ TODO: check
+CVE-2026-15112 (Use after free in Ozone in Google Chrome prior to
150.0.7871.115 allow ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15129
+CVE-2026-15129 (Use after free in Views in Google Chrome prior to
150.0.7871.115 allow ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15132
+CVE-2026-15132 (Uninitialized Use in V8 in Google Chrome prior to
150.0.7871.115 allow ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15133
+CVE-2026-15133 (Use after free in InterestGroups in Google Chrome prior to
150.0.7871. ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15108
+CVE-2026-15108 (Integer overflow in Extensions API in Google Chrome prior to
150.0.787 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15109
+CVE-2026-15109 (Uninitialized Use in ANGLE in Google Chrome prior to
150.0.7871.115 al ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15110
+CVE-2026-15110 (Use after free in Extensions in Google Chrome prior to
150.0.7871.115 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15111
+CVE-2026-15111 (Use after free in Views in Google Chrome prior to
150.0.7871.115 allow ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15113
+CVE-2026-15113 (Use after free in Autofill in Google Chrome on Android prior
to 150.0. ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15114
+CVE-2026-15114 (Out of bounds read and write in Codecs in Google Chrome prior
to 150.0 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15115
+CVE-2026-15115 (Insufficient validation of untrusted input in WebAppInstalls
in Google ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15116
+CVE-2026-15116 (Use after free in Actor in Google Chrome prior to
150.0.7871.115 allow ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15117
+CVE-2026-15117 (Use after free in Payments in Google Chrome prior to
150.0.7871.115 al ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15118
+CVE-2026-15118 (Use after free in Input in Google Chrome prior to
150.0.7871.115 allow ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15119
+CVE-2026-15119 (Race in GetUserMedia in Google Chrome prior to 150.0.7871.115
allowed ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15120
+CVE-2026-15120 (Use after free in Core in Google Chrome on Windows prior to
150.0.7871 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15121
+CVE-2026-15121 (Use after free in WebRTC in Google Chrome prior to
150.0.7871.115 allo ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15122
+CVE-2026-15122 (Insufficient validation of untrusted input in Codecs in Google
Chrome ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15123
+CVE-2026-15123 (Inappropriate implementation in DOM in Google Chrome prior to
150.0.78 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15124
+CVE-2026-15124 (Insufficient policy enforcement in Passwords in Google Chrome
prior to ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15125
+CVE-2026-15125 (Inappropriate implementation in Forms in Google Chrome prior
to 150.0. ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15126
+CVE-2026-15126 (Use after free in Forms in Google Chrome prior to
150.0.7871.115 allow ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15127
+CVE-2026-15127 (Inappropriate implementation in WebGL in Google Chrome prior
to 150.0. ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15128
+CVE-2026-15128 (Inappropriate implementation in Forms in Google Chrome prior
to 150.0. ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15130
+CVE-2026-15130 (Insufficient policy enforcement in Navigation in Google Chrome
prior t ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15107
+CVE-2026-15107 (Use after free in IndexedDB in Google Chrome prior to
150.0.7871.115 a ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-15131
+CVE-2026-15131 (Inappropriate implementation in Navigation in Google Chrome
prior to 1 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9074 (IBM API Connect 10.0.8.0 through 10.0.8.9 and12.1.0.0 through
12.1.0.3 ...)
@@ -2309,48 +2575,49 @@ CVE-2026-12893 [gstreamer1-libav: gstreamer1-libav:
NULL pointer dereference in
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f9a43351c18cef873e4d2d062d0d388ce0cf21a7
(1.24 branch)
CVE-2024-0234
NOT-FOR-US: Podman Desktop
-CVE-2026-58207
+CVE-2026-58207 (NATS Server is a high-performance server for NATS.io, the
cloud and ed ...)
- nats-server 2.14.3-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-q59r-vq66-pxc2
-CVE-2026-58208
+CVE-2026-58208 (NATS Server is a high-performance server for NATS.io, the
cloud and ed ...)
- nats-server 2.14.3-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-p957-7v2w-g93g
-CVE-2026-58209
+CVE-2026-58209 (NATS Server is a high-performance server for NATS.io, the
cloud and ed ...)
- nats-server 2.14.3-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-7qmq-8cc4-hxwg
-CVE-2026-58210
+CVE-2026-58210 (NATS Server is a high-performance server for NATS.io, the
cloud and ed ...)
- nats-server 2.14.3-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-r72h-j7qq-v6qg
-CVE-2026-58211
+CVE-2026-58211 (NATS Server is a high-performance server for NATS.io, the
cloud and ed ...)
- nats-server 2.14.3-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-hmmp-q8cx-v964
CVE-2026-58212
+ REJECTED
- nats-server 2.14.3-1
- golang-github-nats-io-nkeys <unfixed>
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-g33f-6538-grxh
-CVE-2026-58214
+CVE-2026-58214 (NATS Server is a high-performance server for NATS.io, the
cloud and ed ...)
- nats-server 2.14.3-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-4g68-3pwx-5vfj
NOTE: CVE is for incomplete fixes of CVE-2026-33217.
-CVE-2026-58254
+CVE-2026-58254 (NATS Server is a high-performance server for NATS.io, the
cloud and ed ...)
- nats-server 2.14.3-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-p3j5-5hrq-p75h
NOTE: CVE is for incomplete fixes of CVE-2026-33249.
-CVE-2026-58213
+CVE-2026-58213 (NATS Server is a high-performance server for NATS.io, the
cloud and ed ...)
- nats-server 2.14.1-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-qrcv-3558-gj4f
-CVE-2026-58250
+CVE-2026-58250 (NATS Server is a high-performance server for NATS.io, the
cloud and ed ...)
- nats-server 2.14.1-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-3g5q-cfh2-cq67
NOTE: CVE is for incomplete fixes of CVE-2026-29785 and CVE-2026-33218
in 2.12.7 and
NOTE: 2.11.16, mark the first version following (2.14.1-1) as the fixed
one in Debian.
-CVE-2026-58251
+CVE-2026-58251 (NATS Server is a high-performance server for NATS.io, the
cloud and ed ...)
- nats-server 2.14.1-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-jx8g-9g95-6322
-CVE-2026-58252
+CVE-2026-58252 (NATS Server is a high-performance server for NATS.io, the
cloud and ed ...)
- nats-server 2.14.1-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-wh7g-5m82-pmhr
-CVE-2026-58253
+CVE-2026-58253 (NATS Server is a high-performance server for NATS.io, the
cloud and ed ...)
- nats-server 2.14.1-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-38x3-76xf-cq45
CVE-2026-9756 (The GenerateBlocks plugin for WordPress is vulnerable to Stored
Cross- ...)
@@ -12124,7 +12391,7 @@ CVE-2026-48785
NOTE: Fixed by:
https://github.com/apptainer/apptainer/commit/4ce069ed6e56e1acd8cbfbfc0d57ccce3311bf92
(v1.5.1)
CVE-2026-54503
NOT-FOR-US: Plone
-CVE-2026-55830
+CVE-2026-55830 (RestrictedPython is a tool that helps to define a subset of
the Python ...)
NOT-FOR-US: Plone
CVE-2026-55099
NOT-FOR-US: Plone
@@ -19717,13 +19984,13 @@ CVE-2026-50636 (The RemoteControl API methods
invite_participants and remind_par
- limesurvey <itp> (bug #472802)
CVE-2026-50635 (LimeSurvey constructs account password-reset links from the
client-sup ...)
- limesurvey <itp> (bug #472802)
-CVE-2026-50512 (Improper link resolution before file access ('link following')
in Micr ...)
+CVE-2026-50512 (Missing authentication for critical function in Microsoft PC
Manager a ...)
NOT-FOR-US: Microsoft
CVE-2026-50511 (Improper link resolution before file access ('link following')
in Micr ...)
NOT-FOR-US: Microsoft
CVE-2026-50508 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
NOT-FOR-US: Microsoft
-CVE-2026-50507 (Protection mechanism failure in Windows BitLocker allows an
unauthoriz ...)
+CVE-2026-50507 (Missing authentication for critical function in Windows
BitLocker allo ...)
NOT-FOR-US: Microsoft
CVE-2026-4058 (The User Frontend: AI Powered Frontend Posting, User Directory,
Profil ...)
NOT-FOR-US: WordPress plugin
@@ -19781,15 +20048,15 @@ CVE-2026-49160 (Uncontrolled resource consumption in
HTTP/2 allows an unauthoriz
NOT-FOR-US: Microsoft
CVE-2026-48583 (Use after free in Windows Kernel allows an authorized attacker
to elev ...)
NOT-FOR-US: Microsoft
-CVE-2026-48578 (Protection mechanism failure in Windows Secure Boot allows an
authoriz ...)
+CVE-2026-48578 (Improper access control in Windows Secure Boot allows an
authorized at ...)
NOT-FOR-US: Microsoft
-CVE-2026-48576 (Protection mechanism failure in Windows Secure Boot allows an
authoriz ...)
+CVE-2026-48576 (No cwe for this issue in Windows Secure Boot allows an
authorized atta ...)
NOT-FOR-US: Microsoft
CVE-2026-48575 (Protection mechanism failure in Windows Secure Boot allows an
authoriz ...)
NOT-FOR-US: Microsoft
CVE-2026-48574 (Heap-based buffer overflow in Windows Media allows an
unauthorized att ...)
NOT-FOR-US: Microsoft
-CVE-2026-48573 (Protection mechanism failure in Windows Secure Boot allows an
authoriz ...)
+CVE-2026-48573 (No cwe for this issue in Windows Secure Boot allows an
authorized atta ...)
NOT-FOR-US: Microsoft
CVE-2026-48570 (Protection mechanism failure in Windows Secure Boot allows an
authoriz ...)
NOT-FOR-US: Microsoft
@@ -19801,11 +20068,11 @@ CVE-2026-48566 (Out-of-bounds read in Windows DWM
Core Library allows an authori
NOT-FOR-US: Microsoft
CVE-2026-48565 (Untrusted search path in Windows Narrator Braille allows an
authorized ...)
NOT-FOR-US: Microsoft
-CVE-2026-48563 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
+CVE-2026-48563 (Use after free in Remote Desktop Client allows an unauthorized
attacke ...)
NOT-FOR-US: Microsoft
CVE-2026-48562 (Improper neutralization of input during web page generation
('cross-si ...)
NOT-FOR-US: Microsoft
-CVE-2026-48560 (Improper neutralization of input during web page generation
('cross-si ...)
+CVE-2026-48560 (Deserialization of untrusted data in Microsoft Office
SharePoint allow ...)
NOT-FOR-US: Microsoft
CVE-2026-48304 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
NOT-FOR-US: Adobe
@@ -19929,17 +20196,17 @@ CVE-2026-47899 (The Electron preload script in Logseq
exposes an API method that
NOT-FOR-US: Logseq
CVE-2026-47656 (Protection mechanism failure in Windows Boot Manager allows an
authori ...)
NOT-FOR-US: Microsoft
-CVE-2026-47654 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
+CVE-2026-47654 (Use after free in Remote Desktop Client allows an unauthorized
attacke ...)
NOT-FOR-US: Microsoft
-CVE-2026-47653 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
+CVE-2026-47653 (Use after free in Remote Desktop Client allows an unauthorized
attacke ...)
NOT-FOR-US: Microsoft
-CVE-2026-47652 (Out-of-bounds read in Windows Hyper-V allows an unauthorized
attacker ...)
+CVE-2026-47652 (Heap-based buffer overflow in Windows Hyper-V allows an
authorized att ...)
NOT-FOR-US: Microsoft
CVE-2026-47648 (Untrusted search path in Windows Storage allows an authorized
attacker ...)
NOT-FOR-US: Microsoft
CVE-2026-47643 (External control of file name or path in Azure Stack Edge
allows an un ...)
NOT-FOR-US: Microsoft
-CVE-2026-47641 (Improper neutralization of input during web page generation
('cross-si ...)
+CVE-2026-47641 (Improper input validation in Microsoft Office SharePoint
allows an aut ...)
NOT-FOR-US: Microsoft
CVE-2026-47640 (Improper neutralization of input during web page generation
('cross-si ...)
NOT-FOR-US: Microsoft
@@ -19951,9 +20218,9 @@ CVE-2026-47637 (Improper neutralization of input during
web page generation ('cr
NOT-FOR-US: Microsoft
CVE-2026-47636 (Improper neutralization of input during web page generation
('cross-si ...)
NOT-FOR-US: Microsoft
-CVE-2026-47635 (Access of resource using incompatible type ('type confusion')
in Micro ...)
+CVE-2026-47635 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
NOT-FOR-US: Microsoft
-CVE-2026-47634 (Improper neutralization of input during web page generation
('cross-si ...)
+CVE-2026-47634 (Improper neutralization of special elements in output used by
a downst ...)
NOT-FOR-US: Microsoft
CVE-2026-47631 (Improper neutralization of input during web page generation
('cross-si ...)
NOT-FOR-US: Microsoft
@@ -19989,7 +20256,7 @@ CVE-2026-47287 (Relative path traversal in Visual
Studio Code allows an unauthor
NOT-FOR-US: Microsoft
CVE-2026-47284 (Exposure of sensitive information to an unauthorized actor in
Visual S ...)
NOT-FOR-US: Microsoft
-CVE-2026-47281 (Improper input validation in Visual Studio Code allows an
unauthorized ...)
+CVE-2026-47281 (Missing authorization in Visual Studio Code allows an
unauthorized att ...)
NOT-FOR-US: Microsoft
CVE-2026-46749 (A vulnerability has been identified in SINEC INS (All versions
< V1.0 ...)
NOT-FOR-US: Siemens
@@ -20003,7 +20270,7 @@ CVE-2026-46492 (md-fileserver allows for local viewing
of markdown files in a br
NOT-FOR-US: md-fileserver
CVE-2026-45771 (FreeSWITCH is a Software Defined Telecom Stack enabling the
digital tr ...)
- freeswitch <itp> (bug #389591)
-CVE-2026-45658 (Protection mechanism failure in Windows BitLocker allows an
unauthoriz ...)
+CVE-2026-45658 (Improper access control in Windows BitLocker allows an
authorized atta ...)
NOT-FOR-US: Microsoft
CVE-2026-45657 (Use after free in Windows Kernel allows an unauthorized
attacker to ex ...)
NOT-FOR-US: Microsoft
@@ -20011,9 +20278,9 @@ CVE-2026-45656 (Protection mechanism failure in Windows
UEFI allows an authorize
NOT-FOR-US: Microsoft
CVE-2026-45655 (Protection mechanism failure in Windows BitLocker allows an
unauthoriz ...)
NOT-FOR-US: Microsoft
-CVE-2026-45654 (Protection mechanism failure in Windows Secure Boot allows an
authoriz ...)
+CVE-2026-45654 (Improper access control in Windows Secure Boot allows an
authorized at ...)
NOT-FOR-US: Microsoft
-CVE-2026-45653 (Use after free in Windows Kernel allows an authorized attacker
to elev ...)
+CVE-2026-45653 (Heap-based buffer overflow in Windows Kernel allows an
authorized atta ...)
NOT-FOR-US: Microsoft
CVE-2026-45650 (User interface (ui) misrepresentation of critical information
in Micro ...)
NOT-FOR-US: Microsoft
@@ -20023,7 +20290,7 @@ CVE-2026-45648 (Stack-based buffer overflow in Active
Directory Domain Services
NOT-FOR-US: Microsoft
CVE-2026-45647 (Time-of-check time-of-use (toctou) race condition in Microsoft
Defende ...)
NOT-FOR-US: Microsoft
-CVE-2026-45645 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
+CVE-2026-45645 (Untrusted pointer dereference in Microsoft Office allows an
unauthoriz ...)
NOT-FOR-US: Microsoft
CVE-2026-45644 (Improper neutralization of input during web page generation
('cross-si ...)
NOT-FOR-US: Microsoft
@@ -20031,7 +20298,7 @@ CVE-2026-45643 (Untrusted pointer dereference in
Microsoft Office Word allows an
NOT-FOR-US: Microsoft
CVE-2026-45642 (Improper input validation in Microsoft Azure Attestation
service and D ...)
NOT-FOR-US: Microsoft
-CVE-2026-45641 (Out-of-bounds read in Windows Hyper-V allows an unauthorized
attacker ...)
+CVE-2026-45641 (Access of resource using incompatible type ('type confusion')
in Windo ...)
NOT-FOR-US: Microsoft
CVE-2026-45640 (Use after free in Windows Bluetooth Port Driver allows an
authorized a ...)
NOT-FOR-US: Microsoft
@@ -20043,11 +20310,11 @@ CVE-2026-45637 (Use after free in Windows DWM Core
Library allows an authorized
NOT-FOR-US: Microsoft
CVE-2026-45636 (Heap-based buffer overflow in Windows NTFS allows an
unauthorized atta ...)
NOT-FOR-US: Microsoft
-CVE-2026-45635 (Use after free in Universal Plug and Play (upnp.dll) allows an
unautho ...)
+CVE-2026-45635 (Access of resource using incompatible type ('type confusion')
in Unive ...)
NOT-FOR-US: Microsoft
CVE-2026-45634 (Out-of-bounds read in Windows DHCP Server allows an authorized
attacke ...)
NOT-FOR-US: Microsoft
-CVE-2026-45608 (Out-of-bounds read in Windows DHCP Server allows an authorized
attacke ...)
+CVE-2026-45608 (Out-of-bounds read in Windows DHCP Client allows an
unauthorized attac ...)
NOT-FOR-US: Microsoft
CVE-2026-45607 (Out-of-bounds read in Windows Hyper-V allows an unauthorized
attacker ...)
NOT-FOR-US: Microsoft
@@ -20057,17 +20324,17 @@ CVE-2026-45605 (Use after free in Windows Bluetooth
Service allows an authorized
NOT-FOR-US: Microsoft
CVE-2026-45604 (Out-of-bounds read in Windows Application Identity (AppID)
Subsystem a ...)
NOT-FOR-US: Microsoft
-CVE-2026-45603 (Use after free in Windows Ancillary Function Driver for
WinSock allows ...)
+CVE-2026-45603 (Concurrent execution using shared resource with improper
synchronizati ...)
NOT-FOR-US: Microsoft
CVE-2026-45602 (No cwe for this issue in Windows DHCP Server allows an
unauthorized at ...)
NOT-FOR-US: Microsoft
-CVE-2026-45601 (Use after free in Windows Ancillary Function Driver for
WinSock allows ...)
+CVE-2026-45601 (Concurrent execution using shared resource with improper
synchronizati ...)
NOT-FOR-US: Microsoft
CVE-2026-45600 (Access of resource using incompatible type ('type confusion')
in Windo ...)
NOT-FOR-US: Microsoft
CVE-2026-45599 (Use after free in Universal Plug and Play (upnp.dll) allows an
unautho ...)
NOT-FOR-US: Microsoft
-CVE-2026-45598 (Use after free in Windows Ancillary Function Driver for
WinSock allows ...)
+CVE-2026-45598 (Concurrent execution using shared resource with improper
synchronizati ...)
NOT-FOR-US: Microsoft
CVE-2026-45597 (Concurrent execution using shared resource with improper
synchronizati ...)
NOT-FOR-US: Microsoft
@@ -20091,11 +20358,11 @@ CVE-2026-45583 (Improper control of generation of
code ('code injection') in Mic
NOT-FOR-US: Microsoft
CVE-2026-45504 (Server-side request forgery (ssrf) in Microsoft Exchange
Server allows ...)
NOT-FOR-US: Microsoft
-CVE-2026-45503 (Server-side request forgery (ssrf) in Microsoft Exchange
Server allows ...)
+CVE-2026-45503 (Improper authorization in Microsoft Exchange Server allows an
authoriz ...)
NOT-FOR-US: Microsoft
CVE-2026-45502 (Server-side request forgery (ssrf) in Microsoft Exchange
Server allows ...)
NOT-FOR-US: Microsoft
-CVE-2026-45501 (Improper neutralization of input during web page generation
('cross-si ...)
+CVE-2026-45501 (Server-side request forgery (ssrf) in Microsoft Exchange
Server allows ...)
NOT-FOR-US: Microsoft
CVE-2026-45500 (Improper neutralization of input during web page generation
('cross-si ...)
NOT-FOR-US: Microsoft
@@ -20105,7 +20372,7 @@ CVE-2026-45490 (Improper authorization in .NET allows
an authorized attacker to
NOT-FOR-US: Microsoft
CVE-2026-45487 (Time-of-check time-of-use (TOCTOU) race condition in Program
Compatibi ...)
NOT-FOR-US: Microsoft
-CVE-2026-45486 (Untrusted pointer dereference in Microsoft Office Word allows
an unaut ...)
+CVE-2026-45486 (Use after free in Microsoft Office Word allows an unauthorized
attacke ...)
NOT-FOR-US: Microsoft
CVE-2026-45485 (Out-of-bounds read in Microsoft Office allows an unauthorized
attacker ...)
NOT-FOR-US: Microsoft
@@ -20113,7 +20380,7 @@ CVE-2026-45484 (Deserialization of untrusted data in
Microsoft Office SharePoint
NOT-FOR-US: Microsoft
CVE-2026-45483 (Improper neutralization of input during web page generation
('cross-si ...)
NOT-FOR-US: Microsoft
-CVE-2026-45482 (Initialization of a resource with an insecure default in
GitHub Copilo ...)
+CVE-2026-45482 (Improper limitation of a pathname to a restricted directory
('path tra ...)
NOT-FOR-US: Microsoft
CVE-2026-45481 (Improper neutralization of input during web page generation
('cross-si ...)
NOT-FOR-US: Microsoft
@@ -20123,9 +20390,9 @@ CVE-2026-45476 (Use after free in Linux MANA Driver
allows an authorized attacke
NOT-FOR-US: Microsoft
CVE-2026-45475 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
NOT-FOR-US: Microsoft
-CVE-2026-45474 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
+CVE-2026-45474 (Use after free in Microsoft Office allows an unauthorized
attacker to ...)
NOT-FOR-US: Microsoft
-CVE-2026-45472 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
+CVE-2026-45472 (Use after free in Microsoft Office allows an unauthorized
attacker to ...)
NOT-FOR-US: Microsoft
CVE-2026-45471 (Untrusted pointer dereference in Microsoft Office Word allows
an unaut ...)
NOT-FOR-US: Microsoft
@@ -20141,19 +20408,19 @@ CVE-2026-45465 (Improper neutralization of input
during web page generation ('cr
NOT-FOR-US: Microsoft
CVE-2026-45464 (Improper neutralization of input during web page generation
('cross-si ...)
NOT-FOR-US: Microsoft
-CVE-2026-45463 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
+CVE-2026-45463 (Integer underflow (wrap or wraparound) in Microsoft Office
allows an u ...)
NOT-FOR-US: Microsoft
CVE-2026-45462 (Improper neutralization of input during web page generation
('cross-si ...)
NOT-FOR-US: Microsoft
-CVE-2026-45461 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
+CVE-2026-45461 (Use after free in Microsoft Office allows an unauthorized
attacker to ...)
NOT-FOR-US: Microsoft
-CVE-2026-45460 (Out-of-bounds read in Microsoft Office allows an unauthorized
attacker ...)
+CVE-2026-45460 (Buffer over-read in Microsoft Office allows an unauthorized
attacker t ...)
NOT-FOR-US: Microsoft
CVE-2026-45459 (Protection mechanism failure in Microsoft Office Excel allows
an unaut ...)
NOT-FOR-US: Microsoft
-CVE-2026-45458 (Access of resource using incompatible type ('type confusion')
in Micro ...)
+CVE-2026-45458 (Use after free in Microsoft Office allows an unauthorized
attacker to ...)
NOT-FOR-US: Microsoft
-CVE-2026-45457 (Untrusted pointer dereference in Microsoft Office Word allows
an unaut ...)
+CVE-2026-45457 (Out-of-bounds read in Microsoft Office Word allows an
unauthorized att ...)
NOT-FOR-US: Microsoft
CVE-2026-45456 (Access of resource using incompatible type ('type confusion')
in Micro ...)
NOT-FOR-US: Microsoft
@@ -20165,19 +20432,19 @@ CVE-2026-45453 (Improper neutralization of input
during web page generation ('cr
NOT-FOR-US: Microsoft
CVE-2026-44824 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
NOT-FOR-US: Microsoft
-CVE-2026-44823 (Integer underflow (wrap or wraparound) in Microsoft Office
Excel allow ...)
+CVE-2026-44823 (Numeric truncation error in Microsoft Office Excel allows an
unauthori ...)
NOT-FOR-US: Microsoft
CVE-2026-44822 (Out-of-bounds read in Microsoft Office Excel allows an
unauthorized at ...)
NOT-FOR-US: Microsoft
CVE-2026-44821 (Out-of-bounds read in Microsoft Office allows an unauthorized
attacker ...)
NOT-FOR-US: Microsoft
-CVE-2026-44820 (Integer underflow (wrap or wraparound) in Microsoft Office
Excel allow ...)
+CVE-2026-44820 (Out-of-bounds read in Microsoft Office Excel allows an
unauthorized at ...)
NOT-FOR-US: Microsoft
CVE-2026-44819 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
NOT-FOR-US: Microsoft
-CVE-2026-44818 (Integer underflow (wrap or wraparound) in Microsoft Office
Excel allow ...)
+CVE-2026-44818 (Concurrent execution using shared resource with improper
synchronizati ...)
NOT-FOR-US: Microsoft
-CVE-2026-44817 (Integer underflow (wrap or wraparound) in Microsoft Office
Excel allow ...)
+CVE-2026-44817 (Access of resource using incompatible type ('type confusion')
in Micro ...)
NOT-FOR-US: Microsoft
CVE-2026-44815 (Stack-based buffer overflow in Windows DHCP Client allows an
unauthori ...)
NOT-FOR-US: Microsoft
@@ -20187,13 +20454,13 @@ CVE-2026-44813 (Use after free in Windows DWM Core
Library allows an authorized
NOT-FOR-US: Microsoft
CVE-2026-44812 (Integer overflow or wraparound in Windows Win32K - GRFX allows
an unau ...)
NOT-FOR-US: Microsoft
-CVE-2026-44811 (Use after free in Windows DWM Core Library allows an
authorized attack ...)
+CVE-2026-44811 (Heap-based buffer overflow in Windows DWM Core Library allows
an autho ...)
NOT-FOR-US: Microsoft
CVE-2026-44810 (Improper authentication in Windows Cryptographic Services
allows an un ...)
NOT-FOR-US: Microsoft
CVE-2026-44809 (Use after free in Windows Common Log File System Driver allows
an auth ...)
NOT-FOR-US: Microsoft
-CVE-2026-44808 (Use after free in Windows DWM Core Library allows an
authorized attack ...)
+CVE-2026-44808 (Heap-based buffer overflow in Windows DWM Core Library allows
an autho ...)
NOT-FOR-US: Microsoft
CVE-2026-44807 (Use after free in Windows DWM Core Library allows an
authorized attack ...)
NOT-FOR-US: Microsoft
@@ -20205,7 +20472,7 @@ CVE-2026-44803 (Integer overflow or wraparound in
Windows Win32K - GRFX allows a
NOT-FOR-US: Microsoft
CVE-2026-44802 (Use after free in Windows DWM Core Library allows an
authorized attack ...)
NOT-FOR-US: Microsoft
-CVE-2026-44801 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
+CVE-2026-44801 (Use after free in Remote Desktop Client allows an unauthorized
attacke ...)
NOT-FOR-US: Microsoft
CVE-2026-44799 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
NOT-FOR-US: Microsoft
@@ -20225,7 +20492,7 @@ CVE-2026-42987 (Use after free in Windows Deployment
Services allows an unauthor
NOT-FOR-US: Microsoft
CVE-2026-42986 (Use after free in Microsoft Graphics Component allows an
authorized at ...)
NOT-FOR-US: Microsoft
-CVE-2026-42985 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
+CVE-2026-42985 (Use after free in Remote Desktop Client allows an unauthorized
attacke ...)
NOT-FOR-US: Microsoft
CVE-2026-42984 (Use after free in Windows Kernel allows an authorized attacker
to elev ...)
NOT-FOR-US: Microsoft
@@ -20241,27 +20508,27 @@ CVE-2026-42978 (Concurrent execution using shared
resource with improper synchro
NOT-FOR-US: Microsoft
CVE-2026-42977 (Concurrent execution using shared resource with improper
synchronizati ...)
NOT-FOR-US: Microsoft
-CVE-2026-42974 (Integer underflow (wrap or wraparound) in Windows Performance
Monitor ...)
+CVE-2026-42974 (Integer overflow or wraparound in Windows Performance Monitor
allows a ...)
NOT-FOR-US: Microsoft
-CVE-2026-42973 (Use of uninitialized resource in Windows Push Notifications
allows an ...)
+CVE-2026-42973 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
NOT-FOR-US: Microsoft
CVE-2026-42972 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
NOT-FOR-US: Microsoft
-CVE-2026-42971 (Use of uninitialized resource in Windows Push Notifications
allows an ...)
+CVE-2026-42971 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
NOT-FOR-US: Microsoft
-CVE-2026-42970 (Use of uninitialized resource in Windows Push Notifications
allows an ...)
+CVE-2026-42970 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
NOT-FOR-US: Microsoft
CVE-2026-42969 (Use of uninitialized resource in Windows Push Notifications
allows an ...)
NOT-FOR-US: Microsoft
CVE-2026-42968 (Out-of-bounds read in Windows Telephony Service allows an
authorized a ...)
NOT-FOR-US: Microsoft
-CVE-2026-42916 (Integer underflow (wrap or wraparound) in Windows NT OS Kernel
allows ...)
+CVE-2026-42916 (Integer overflow or wraparound in Windows NT OS Kernel allows
an autho ...)
NOT-FOR-US: Microsoft
CVE-2026-42915 (Incorrect calculation of buffer size in Windows VMSwitch
allows an aut ...)
NOT-FOR-US: Microsoft
-CVE-2026-42914 (Windows Kerberos Denial of Service Vulnerability)
+CVE-2026-42914 (Out-of-bounds read in Windows Kerberos allows an authorized
attacker t ...)
NOT-FOR-US: Microsoft
-CVE-2026-42913 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
+CVE-2026-42913 (Concurrent execution using shared resource with improper
synchronizati ...)
NOT-FOR-US: Microsoft
CVE-2026-42912 (Concurrent execution using shared resource with improper
synchronizati ...)
NOT-FOR-US: Microsoft
@@ -20269,7 +20536,7 @@ CVE-2026-42911 (Use after free in Windows Ancillary
Function Driver for WinSock
NOT-FOR-US: Microsoft
CVE-2026-42910 (Out-of-bounds write in Windows Hotpatch Monitoring Service
allows an a ...)
NOT-FOR-US: Microsoft
-CVE-2026-42909 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
+CVE-2026-42909 (Concurrent execution using shared resource with improper
synchronizati ...)
NOT-FOR-US: Microsoft
CVE-2026-42908 (Out-of-bounds read in Windows RDP allows an unauthorized
attacker to d ...)
NOT-FOR-US: Microsoft
@@ -20285,7 +20552,7 @@ CVE-2026-42903 (Null pointer dereference in Windows
Kerberos allows an authorize
NOT-FOR-US: Microsoft
CVE-2026-42902 (Improper authorization in Microsoft PowerToys allows an
authorized att ...)
NOT-FOR-US: Microsoft
-CVE-2026-42837 (Buffer over-read in Windows Projected File System Filter
Driver allows ...)
+CVE-2026-42837 (Out-of-bounds read in Windows Projected File System Filter
Driver allo ...)
NOT-FOR-US: Microsoft
CVE-2026-42836 (Concurrent execution using shared resource with improper
synchronizati ...)
NOT-FOR-US: Microsoft
@@ -22461,7 +22728,7 @@ CVE-2026-45291 (Cloudburst Network provides network
components used within Cloud
NOT-FOR-US: Cloudburst Network
CVE-2026-45290 (Cloudburst Network provides network components used within
Cloudburst ...)
NOT-FOR-US: Cloudburst Network
-CVE-2026-42824 (Missing authentication for critical function in M365 Copilot
allows an ...)
+CVE-2026-42824 (Improper neutralization of special elements used in a command
('comman ...)
NOT-FOR-US: Microsoft
CVE-2026-41567 (Moby is an open source container framework. In versions prior
to 29.5. ...)
- docker.io 28.5.2+dfsg4-3 (bug #1139965)
@@ -101527,9 +101794,9 @@ CVE-2025-67147 (Multiple SQL Injection
vulnerabilities exist in amansuryawanshi
NOT-FOR-US: amansuryawanshi Gym-Management-System-PHP
CVE-2025-67146 (Multiple SQL Injection vulnerabilities exist in AbhishekMali21
GYM-MAN ...)
NOT-FOR-US: AbhishekMali21 GYM-MANAGEMENT-SYSTEM
-CVE-2025-66177 (There is a Stack overflow Vulnerability in the device Search
and Disco ...)
+CVE-2025-66177 (There is a Buffer overflow Vulnerability in the device Search
and Disc ...)
NOT-FOR-US: Hikvision
-CVE-2025-66176 (There is a Stack overflow Vulnerability in the device Search
and Disco ...)
+CVE-2025-66176 (There is a Buffer overflow Vulnerability in the device Search
and Disc ...)
NOT-FOR-US: Hikvision
CVE-2025-41717 (An unauthenticated remote attacker can trick a high privileged
user in ...)
NOT-FOR-US: Phoenix Contact
@@ -355974,7 +356241,7 @@ CVE-2023-39418 (A vulnerability was found in
PostgreSQL with the use of the MERG
NOTE:
https://www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/
NOTE:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
(REL_15_4)
CVE-2023-39417 (IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was
found in Po ...)
- {DSA-5554-1 DSA-5553-1 DLA-3600-1}
+ {DSA-6385-1 DSA-5554-1 DSA-5553-1 DLA-3600-1}
- postgresql-15 15.4-1
- postgresql-13 <removed>
- postgresql-11 <removed>
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b1f2ee79308f39d5fbd6313a82868cc1033c0ee
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b1f2ee79308f39d5fbd6313a82868cc1033c0ee
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits