Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
313bb55c by security tracker role at 2026-07-10T07:13:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,289 @@
+CVE-2026-60120 (Bagisto before 2.4.4 contains a stored cross-site scripting
vulnerabil ...)
+ TODO: check
+CVE-2026-5069 (The Fluent Forms plugin for WordPress is vulnerable to
incorrect autho ...)
+ TODO: check
+CVE-2026-59858 (Vim is an open source, command line text editor. Prior to
9.2.0735, th ...)
+ TODO: check
+CVE-2026-59857 (Vim is an open source, command line text editor. Prior to
9.2.0725, th ...)
+ TODO: check
+CVE-2026-59856 (Vim is an open source, command line text editor. Prior to
9.2.0736, th ...)
+ TODO: check
+CVE-2026-59855 (SiYuan is an open-source personal knowledge management system.
Prior t ...)
+ TODO: check
+CVE-2026-59854 (SiYuan is an open-source personal knowledge management system.
Prior t ...)
+ TODO: check
+CVE-2026-59853 (SiYuan is an open-source personal knowledge management system.
Prior t ...)
+ TODO: check
+CVE-2026-59834 (SiYuan is an open-source personal knowledge management system.
Prior t ...)
+ TODO: check
+CVE-2026-59833 (SiYuan is an open-source personal knowledge management system.
Prior t ...)
+ TODO: check
+CVE-2026-59832 (SiYuan is an open-source personal knowledge management system.
Prior t ...)
+ TODO: check
+CVE-2026-59831 (GitHub CLI (gh) is GitHub\u2019s official command line tool.
From 2.10 ...)
+ TODO: check
+CVE-2026-59828 (Discourse is an open-source discussion platform. Prior to
2026.6.0, 20 ...)
+ TODO: check
+CVE-2026-58144 (Cotonti Siena 0.9.26 and earlier contains a stored cross-site
scriptin ...)
+ TODO: check
+CVE-2026-58143 (Cotonti Siena 0.9.26 and earlier contains a cross-site request
forgery ...)
+ TODO: check
+CVE-2026-58123 (Hermes WebUI before 0.51.788 contains an unauthenticated
remote code e ...)
+ TODO: check
+CVE-2026-58122 (Hermes WebUI before 0.51.307 contains an authentication bypass
vulnera ...)
+ TODO: check
+CVE-2026-57501 (Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance
and spl ...)
+ TODO: check
+CVE-2026-57054 (A Use of Incorrectly-Resolved Name or Reference vulnerability
in the U ...)
+ TODO: check
+CVE-2026-57032 (An Improper Handling of Undefined Parameters vulnerability in
the pack ...)
+ TODO: check
+CVE-2026-57031 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
+ TODO: check
+CVE-2026-57030 (A Concurrent Execution using Shared Resource with Improper
Synchroniza ...)
+ TODO: check
+CVE-2026-57029 (AMissing Synchronization vulnerability in the flow collector
handler o ...)
+ TODO: check
+CVE-2026-57028 (An Improper Restriction of Communication Channel to Intended
Endpoints ...)
+ TODO: check
+CVE-2026-57027 (A Missing Release of Memory after Effective Lifetime
vulnerability in ...)
+ TODO: check
+CVE-2026-57026 (An Improper Validation of Syntactic Correctness of Input
vulnerability ...)
+ TODO: check
+CVE-2026-57025 (A Return of Pointer Value Outside of Expected Range
vulnerability in t ...)
+ TODO: check
+CVE-2026-57024 (A Use of Multiple Resources with Duplicate Identifier
vulnerability in ...)
+ TODO: check
+CVE-2026-57023 (An Improper Validation of Specified Quantity in Input
vulnerability in ...)
+ TODO: check
+CVE-2026-57022 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
+ TODO: check
+CVE-2026-57021 (An Out-of-bounds Write vulnerability in the http-gatekeeper
(http-gk) ...)
+ TODO: check
+CVE-2026-57020 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
+ TODO: check
+CVE-2026-57019 (An Improper Validation of Specified Quantity in Input
vulnerability in ...)
+ TODO: check
+CVE-2026-55865 (Python Liquid is a Python engine for the Liquid template
language. Pri ...)
+ TODO: check
+CVE-2026-55689 (OpenFGA is an authorization/permission engine built for
developers. Pr ...)
+ TODO: check
+CVE-2026-55616
+ REJECTED
+CVE-2026-55615 (Langroid is a framework for building
large-language-model-powered appl ...)
+ TODO: check
+CVE-2026-55605 (DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting
in vers ...)
+ TODO: check
+CVE-2026-55604 (DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting
in vers ...)
+ TODO: check
+CVE-2026-55424 (Discourse is an open-source discussion platform. Prior to
2026.6.0, 20 ...)
+ TODO: check
+CVE-2026-55212 (Pimcore is an Open Source Data & Experience Management
Platform. Prior ...)
+ TODO: check
+CVE-2026-55208 (Pimcore Studio Backend Bundle is the backend bundle for
Pimcore Studio ...)
+ TODO: check
+CVE-2026-55207 (Pimcore is an Open Source Data & Experience Management
Platform. Prior ...)
+ TODO: check
+CVE-2026-55170 (OpenFGA is an authorization/permission engine built for
developers. Pr ...)
+ TODO: check
+CVE-2026-54771 (Langroid is a framework for building
large-language-model-powered appl ...)
+ TODO: check
+CVE-2026-54769 (Langroid is a framework for building
large-language-model-powered appl ...)
+ TODO: check
+CVE-2026-54760 (Langroid is a framework for building
large-language-model-powered appl ...)
+ TODO: check
+CVE-2026-53963 (Discourse is an open-source discussion platform. Prior to
2026.6.0, 20 ...)
+ TODO: check
+CVE-2026-53962 (Discourse is an open-source discussion platform. Prior to
2026.6.0, 20 ...)
+ TODO: check
+CVE-2026-53961 (Discourse is an open-source discussion platform. Prior to
2026.6.0, 20 ...)
+ TODO: check
+CVE-2026-51926 (An issue in docuForm GmbH FSM Client v.11.11c allows a remote
attacker ...)
+ TODO: check
+CVE-2026-51925 (A Local File Inclusion (LFI) vulnerability exists in docuForm
GmbH Cli ...)
+ TODO: check
+CVE-2026-51924 (An issue in docuForm GmbH Client v.11.11c allows a remote
attacker to ...)
+ TODO: check
+CVE-2026-51923 (An Insecure Direct Object Reference (IDOR) vulnerability
exists in doc ...)
+ TODO: check
+CVE-2026-50181 (Langroid is a framework for building
large-language-model-powered appl ...)
+ TODO: check
+CVE-2026-50180 (Langroid is a framework for building
large-language-model-powered appl ...)
+ TODO: check
+CVE-2026-49256 (Discourse is an open-source discussion platform. Prior to
2026.6.0, 20 ...)
+ TODO: check
+CVE-2026-46413 (Discourse is an open-source discussion platform. Prior to
2026.6.0, 20 ...)
+ TODO: check
+CVE-2026-45788 (Discourse is an open-source discussion platform. Prior to
2026.6.0, 20 ...)
+ TODO: check
+CVE-2026-45780 (Discourse is an open-source discussion platform. Prior to
2026.6.0, 20 ...)
+ TODO: check
+CVE-2026-44787 (Discourse is an open-source discussion platform. Prior to
2026.6.0, 20 ...)
+ TODO: check
+CVE-2026-44342 (New API is a large language mode (LLM) gateway and artificial
intellig ...)
+ TODO: check
+CVE-2026-39246 (decompress before 4.2.2 allows arbitrary symlink creation
during archi ...)
+ TODO: check
+CVE-2026-39245 (decompress before 4.2.2 contains an improper path containment
check th ...)
+ TODO: check
+CVE-2026-39243 (decompress before 4.2.2 allows arbitrary hardlink creation
during arch ...)
+ TODO: check
+CVE-2026-38076 (An integer overflow in the jbig2_arith_iaid_ctx_new() function
of Arti ...)
+ TODO: check
+CVE-2026-33803 (An Improper Restriction of Communication Channel to Intended
Endpoints ...)
+ TODO: check
+CVE-2026-33802 (A Missing Authorization vulnerability in the CLI of Juniper
Networks J ...)
+ TODO: check
+CVE-2026-33801 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
+ TODO: check
+CVE-2026-33800 (An Unchecked Input for Loop Condition vulnerability in the
Packet Forw ...)
+ TODO: check
+CVE-2026-33799 (An Out-of-bounds Write vulnerability in the SNMP daemon
(snmpd) of Jun ...)
+ TODO: check
+CVE-2026-33794 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
+ TODO: check
+CVE-2026-33655 (New API is a large language mode (LLM) gateway and artificial
intellig ...)
+ TODO: check
+CVE-2026-31267 (Mercusys MW302R MW302R(EU)_V1_1.4.10 Build 231023 is
vulnerable to Buf ...)
+ TODO: check
+CVE-2026-21901 (A NULL Pointer Dereference vulnerability in the management
daemon (mgd ...)
+ TODO: check
+CVE-2026-21057 (Improper input validation in Samsung Pass prior to version
5.2.10.3 al ...)
+ TODO: check
+CVE-2026-21056 (Improper authorization in Samsung Health prior to version
7.00.0.107 a ...)
+ TODO: check
+CVE-2026-21055 (Improper export of android application components in Bixby
prior to ve ...)
+ TODO: check
+CVE-2026-21054 (Improper export of android application components in
InputSharing prio ...)
+ TODO: check
+CVE-2026-21053 (Improper input validation in Samsung Email prior to version
6.2.13.1 a ...)
+ TODO: check
+CVE-2026-21052 (Path traversal in SemClipboardService prior to SMR Jul-2026
Release 1 ...)
+ TODO: check
+CVE-2026-21051 (Incorrect default permissions in WLAN security prior to SMR
Jul-2026 R ...)
+ TODO: check
+CVE-2026-21050 (Improper access control in SmartThingsKit prior to SMR
Jul-2026 Releas ...)
+ TODO: check
+CVE-2026-21049 (Out-of-bounds write in libpadm.so library prior to SMR
Jul-2026 Releas ...)
+ TODO: check
+CVE-2026-21048 (Out-of-bounds write in parsing DNG format in
libimagecodec.media.quram ...)
+ TODO: check
+CVE-2026-21046 (Time-of-check time-of-use race condition in fabricKeymaster
trustlet p ...)
+ TODO: check
+CVE-2026-21045 (Out-of-bounds write in parsing TIFF format in
libimagecodec.media.qura ...)
+ TODO: check
+CVE-2026-21044 (Improper authorization in KnoxGuardManager prior to SMR
Jul-2026 Relea ...)
+ TODO: check
+CVE-2026-21043 (Path traversal in Wallpaper service prior to SMR Jul-2026
Release 1 al ...)
+ TODO: check
+CVE-2026-21042 (Out-of-bounds write in libsavsac.so prior to SMR Jul-2026
Release 1 al ...)
+ TODO: check
+CVE-2026-21041 (Improper access control in SamsungSEAgentService prior to SMR
Jul-2026 ...)
+ TODO: check
+CVE-2026-21040 (Improper access control in IAFDService prior to SMR Jul-2026
Release 1 ...)
+ TODO: check
+CVE-2026-21039 (Improper access control in Settings prior to SMR Jul-2026
Release 1 al ...)
+ TODO: check
+CVE-2026-15332 (A security flaw has been discovered in zhayujie CowAgent up to
2.1.0. ...)
+ TODO: check
+CVE-2026-15331 (A vulnerability was identified in zhayujie CowAgent up to
2.1.0. The a ...)
+ TODO: check
+CVE-2026-15330 (A vulnerability was determined in zhayujie CowAgent up to
2.1.1. Impac ...)
+ TODO: check
+CVE-2026-15329 (A vulnerability was found in zhayujie CowAgent up to 2.1.0.
This issue ...)
+ TODO: check
+CVE-2026-15326 (A vulnerability was identified in halo-dev halo up to 2.24.2.
This aff ...)
+ TODO: check
+CVE-2026-15321 (A vulnerability was found in MyEMS up to 6.4.0. The affected
element i ...)
+ TODO: check
+CVE-2026-15320 (A vulnerability was detected in Sipeed PicoClaw up to 0.2.9.
This vuln ...)
+ TODO: check
+CVE-2026-15319 (A security vulnerability has been detected in Sipeed PicoClaw
up to 0. ...)
+ TODO: check
+CVE-2026-15318 (A weakness has been identified in Sipeed PicoClaw up to 0.2.9.
Affecte ...)
+ TODO: check
+CVE-2026-15317 (A security flaw has been discovered in Sipeed PicoClaw up to
0.2.9. Af ...)
+ TODO: check
+CVE-2026-15311 (A vulnerability was identified in NousResearch hermes-agent up
to 2026 ...)
+ TODO: check
+CVE-2026-15302 (The ARMember plugin for WordPress is vulnerable to Directory
Traversal ...)
+ TODO: check
+CVE-2026-15301 (The BuddyHolis TableSearch plugin for WordPress is vulnerable
to Store ...)
+ TODO: check
+CVE-2026-15300 (The GEO my WP plugin for WordPress was vulnerable to SQL
Injection via ...)
+ TODO: check
+CVE-2026-15299 (The Animation Addons for Elementor plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2026-15298 (The TelSender plugin for WordPress is vulnerable to DOM-Based
Cross-Si ...)
+ TODO: check
+CVE-2026-15297 (The Newsletter, SMTP, Email marketing and Subscribe forms by
Brevo (fo ...)
+ TODO: check
+CVE-2026-15296 (The affiliate-toolkit \u2013 WP Affiliate Plugin with Amazon
plugin fo ...)
+ TODO: check
+CVE-2026-15293 (The WP Business Intelligence Lite plugin for WordPress is
vulnerable t ...)
+ TODO: check
+CVE-2026-15292 (The Sudoku Shortcode plugin for WordPress is vulnerable to
Stored Cros ...)
+ TODO: check
+CVE-2026-15291 (The Chat Help \u2013 Click to Chat Button & Form plugin for
WordPress ...)
+ TODO: check
+CVE-2026-15290 (The Ultimate Member \u2013 User Profile, Registration, Login,
Member D ...)
+ TODO: check
+CVE-2026-15289 (The Booking calendar, Appointment Booking System plugin for
WordPress ...)
+ TODO: check
+CVE-2026-15288 (The SureForms \u2013 Drag and Drop Form Builder for WordPress
plugin f ...)
+ TODO: check
+CVE-2026-15287 (The rtMedia for WordPress, BuddyPress and bbPress plugin for
WordPress ...)
+ TODO: check
+CVE-2026-15286 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder
Feature ...)
+ TODO: check
+CVE-2026-15285 (The Plus Addons for Elementor plugin for WordPress was
vulnerable to A ...)
+ TODO: check
+CVE-2026-15284 (The King Addons for Elementor plugin for WordPress is
vulnerable to St ...)
+ TODO: check
+CVE-2026-15283 (The WPvivid Backup for MainWP plugin for WordPress is
vulnerable to St ...)
+ TODO: check
+CVE-2026-15282 (The Instant Appointment plugin for WordPress is vulnerable to
arbitrar ...)
+ TODO: check
+CVE-2026-15276 (A flaw has been found in pdeljanov Symphonia up to 0.6.0. This
vulnera ...)
+ TODO: check
+CVE-2026-15274 (A vulnerability was detected in lo48576 fbxcel up to 0.9.0.
This affec ...)
+ TODO: check
+CVE-2026-15271 (A security vulnerability has been detected in TOTOLINK
A3000RU, A3100R ...)
+ TODO: check
+CVE-2026-15270 (A weakness has been identified in D-link DIR-823G
1.0.2B05_20181207. A ...)
+ TODO: check
+CVE-2026-15070 (The Salon Booking System \u2013 Free Version plugin for
WordPress is v ...)
+ TODO: check
+CVE-2026-14894 (The Super Forms \u2013 Drag & Drop Form Builder plugin for
WordPress i ...)
+ TODO: check
+CVE-2026-13430 (The Post Export Import with Media plugin for WordPress is
vulnerable t ...)
+ TODO: check
+CVE-2026-12685 (The EscortWP escortwp WordPress theme through 3.6.2 was
distributed wi ...)
+ TODO: check
+CVE-2026-12598 (The LoginPress Pro plugin for WordPress is vulnerable to
authenticatio ...)
+ TODO: check
+CVE-2026-12597 (The LoginPress Pro plugin for WordPress is vulnerable to
Authenticatio ...)
+ TODO: check
+CVE-2026-12595 (The LoginPress Pro plugin for WordPress is vulnerable to
Authenticatio ...)
+ TODO: check
+CVE-2026-12276 (The LA-Studio Element Kit for Elementor WordPress plugin
before 1.6.1 ...)
+ TODO: check
+CVE-2026-12123 (The All-in-One Video Gallery plugin for WordPress is
vulnerable to Ser ...)
+ TODO: check
+CVE-2026-11818 (The WPCafe \u2013 Restaurant Menu, Online Food Ordering &
Table Bookin ...)
+ TODO: check
+CVE-2026-11392 (The WP Hotel Booking plugin for WordPress is vulnerable to
Reflected C ...)
+ TODO: check
+CVE-2026-0278 (Multiple protection mechanism failures in the Prisma Access
Agent Data ...)
+ TODO: check
+CVE-2026-0277 (An improper certificate validation vulnerability in the
Prisma\xae Acc ...)
+ TODO: check
+CVE-2026-0276 (A privilege escalation vulnerability in Palo Alto Networks
Cortex\xae ...)
+ TODO: check
+CVE-2026-0275 (A local privilege escalation vulnerability in Palo Alto
Networks Prism ...)
+ TODO: check
+CVE-2025-45422 (Incorrect access control in Proximus b-box v8c.725A allows
authenticat ...)
+ TODO: check
CVE-2026-14741
- libhttp-date-perl 6.08-1
[trixie] - libhttp-date-perl <no-dsa> (Minor issue)
@@ -356,11 +642,11 @@ CVE-2026-57825
NOTE: https://github.com/ocaml/opam/pull/7005
NOTE: Testcase:
https://github.com/ocaml/opam/commit/362f5dc08c1436be964e14aa50a5837050124d36
(2.5.2)
NOTE: Fixed by:
https://github.com/ocaml/opam/commit/175a5d777806ad32fa6cdd95f2501dc4bd5e584e
(2.5.2)
-CVE-2026-44918
+CVE-2026-44918 (OpenStack Ironic through before 37.0.1 allows creation or
modification ...)
- ironic 1:35.0.1-8 (bug #1141716)
[trixie] - ironic <no-dsa> (Minor issue)
NOTE: https://security.openstack.org/ossa/OSSA-2026-026.html
-CVE-2026-54423
+CVE-2026-54423 (In OpenStack Ironic before 37.0.1, an Ironic user with the
ability to ...)
- ironic 1:35.0.1-8 (bug #1141717)
[trixie] - ironic <no-dsa> (Minor issue)
NOTE: https://security.openstack.org/ossa/OSSA-2026-025.html
@@ -56989,7 +57275,8 @@ CVE-2026-40503 (OpenHarness prior to commit dd1d235
contains a path traversal vu
NOT-FOR-US: OpenHarness
CVE-2026-40502 (OpenHarness prior to commit dd1d235 contains a command
injection vulne ...)
NOT-FOR-US: OpenHarness
-CVE-2026-40500 (ProcessWire CMS version 3.0.255 and prior contain a
server-side reques ...)
+CVE-2026-40500
+ REJECTED
NOT-FOR-US: ProcessWire CMS
CVE-2026-40316 (OWASP BLT is a QA testing and vulnerability disclosure
platform that e ...)
NOT-FOR-US: OWASP BLT
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/313bb55c98d6c66a3764532cac07ded7a2e740f6
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/313bb55c98d6c66a3764532cac07ded7a2e740f6
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits