Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
313bb55c by security tracker role at 2026-07-10T07:13:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,289 @@
+CVE-2026-60120 (Bagisto before 2.4.4 contains a stored cross-site scripting 
vulnerabil ...)
+       TODO: check
+CVE-2026-5069 (The Fluent Forms plugin for WordPress is vulnerable to 
incorrect autho ...)
+       TODO: check
+CVE-2026-59858 (Vim is an open source, command line text editor. Prior to 
9.2.0735, th ...)
+       TODO: check
+CVE-2026-59857 (Vim is an open source, command line text editor. Prior to 
9.2.0725, th ...)
+       TODO: check
+CVE-2026-59856 (Vim is an open source, command line text editor. Prior to 
9.2.0736, th ...)
+       TODO: check
+CVE-2026-59855 (SiYuan is an open-source personal knowledge management system. 
Prior t ...)
+       TODO: check
+CVE-2026-59854 (SiYuan is an open-source personal knowledge management system. 
Prior t ...)
+       TODO: check
+CVE-2026-59853 (SiYuan is an open-source personal knowledge management system. 
Prior t ...)
+       TODO: check
+CVE-2026-59834 (SiYuan is an open-source personal knowledge management system. 
Prior t ...)
+       TODO: check
+CVE-2026-59833 (SiYuan is an open-source personal knowledge management system. 
Prior t ...)
+       TODO: check
+CVE-2026-59832 (SiYuan is an open-source personal knowledge management system. 
Prior t ...)
+       TODO: check
+CVE-2026-59831 (GitHub CLI (gh) is GitHub\u2019s official command line tool. 
From 2.10 ...)
+       TODO: check
+CVE-2026-59828 (Discourse is an open-source discussion platform. Prior to 
2026.6.0, 20 ...)
+       TODO: check
+CVE-2026-58144 (Cotonti Siena 0.9.26 and earlier contains a stored cross-site 
scriptin ...)
+       TODO: check
+CVE-2026-58143 (Cotonti Siena 0.9.26 and earlier contains a cross-site request 
forgery ...)
+       TODO: check
+CVE-2026-58123 (Hermes WebUI before 0.51.788 contains an unauthenticated 
remote code e ...)
+       TODO: check
+CVE-2026-58122 (Hermes WebUI before 0.51.307 contains an authentication bypass 
vulnera ...)
+       TODO: check
+CVE-2026-57501 (Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance 
and spl ...)
+       TODO: check
+CVE-2026-57054 (A Use of Incorrectly-Resolved Name or Reference vulnerability 
in the U ...)
+       TODO: check
+CVE-2026-57032 (An Improper Handling of Undefined Parameters vulnerability in 
the pack ...)
+       TODO: check
+CVE-2026-57031 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
+       TODO: check
+CVE-2026-57030 (A Concurrent Execution using Shared Resource with Improper 
Synchroniza ...)
+       TODO: check
+CVE-2026-57029 (AMissing Synchronization vulnerability in the flow collector 
handler o ...)
+       TODO: check
+CVE-2026-57028 (An Improper Restriction of Communication Channel to Intended 
Endpoints ...)
+       TODO: check
+CVE-2026-57027 (A Missing Release of Memory after Effective Lifetime 
vulnerability in  ...)
+       TODO: check
+CVE-2026-57026 (An Improper Validation of Syntactic Correctness of Input 
vulnerability ...)
+       TODO: check
+CVE-2026-57025 (A Return of Pointer Value Outside of Expected Range 
vulnerability in t ...)
+       TODO: check
+CVE-2026-57024 (A Use of Multiple Resources with Duplicate Identifier 
vulnerability in ...)
+       TODO: check
+CVE-2026-57023 (An Improper Validation of Specified Quantity in Input 
vulnerability in ...)
+       TODO: check
+CVE-2026-57022 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
+       TODO: check
+CVE-2026-57021 (An Out-of-bounds Write vulnerability in the http-gatekeeper 
(http-gk)  ...)
+       TODO: check
+CVE-2026-57020 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
+       TODO: check
+CVE-2026-57019 (An Improper Validation of Specified Quantity in Input 
vulnerability in ...)
+       TODO: check
+CVE-2026-55865 (Python Liquid is a Python engine for the Liquid template 
language. Pri ...)
+       TODO: check
+CVE-2026-55689 (OpenFGA is an authorization/permission engine built for 
developers. Pr ...)
+       TODO: check
+CVE-2026-55616
+       REJECTED
+CVE-2026-55615 (Langroid is a framework for building 
large-language-model-powered appl ...)
+       TODO: check
+CVE-2026-55605 (DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting 
in vers ...)
+       TODO: check
+CVE-2026-55604 (DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting 
in vers ...)
+       TODO: check
+CVE-2026-55424 (Discourse is an open-source discussion platform. Prior to 
2026.6.0, 20 ...)
+       TODO: check
+CVE-2026-55212 (Pimcore is an Open Source Data & Experience Management 
Platform. Prior ...)
+       TODO: check
+CVE-2026-55208 (Pimcore Studio Backend Bundle is the backend bundle for 
Pimcore Studio ...)
+       TODO: check
+CVE-2026-55207 (Pimcore is an Open Source Data & Experience Management 
Platform. Prior ...)
+       TODO: check
+CVE-2026-55170 (OpenFGA is an authorization/permission engine built for 
developers. Pr ...)
+       TODO: check
+CVE-2026-54771 (Langroid is a framework for building 
large-language-model-powered appl ...)
+       TODO: check
+CVE-2026-54769 (Langroid is a framework for building 
large-language-model-powered appl ...)
+       TODO: check
+CVE-2026-54760 (Langroid is a framework for building 
large-language-model-powered appl ...)
+       TODO: check
+CVE-2026-53963 (Discourse is an open-source discussion platform. Prior to 
2026.6.0, 20 ...)
+       TODO: check
+CVE-2026-53962 (Discourse is an open-source discussion platform. Prior to 
2026.6.0, 20 ...)
+       TODO: check
+CVE-2026-53961 (Discourse is an open-source discussion platform. Prior to 
2026.6.0, 20 ...)
+       TODO: check
+CVE-2026-51926 (An issue in docuForm GmbH FSM Client v.11.11c allows a remote 
attacker ...)
+       TODO: check
+CVE-2026-51925 (A Local File Inclusion (LFI) vulnerability exists in docuForm 
GmbH Cli ...)
+       TODO: check
+CVE-2026-51924 (An issue in docuForm GmbH Client v.11.11c allows a remote 
attacker to  ...)
+       TODO: check
+CVE-2026-51923 (An Insecure Direct Object Reference (IDOR) vulnerability 
exists in doc ...)
+       TODO: check
+CVE-2026-50181 (Langroid is a framework for building 
large-language-model-powered appl ...)
+       TODO: check
+CVE-2026-50180 (Langroid is a framework for building 
large-language-model-powered appl ...)
+       TODO: check
+CVE-2026-49256 (Discourse is an open-source discussion platform. Prior to 
2026.6.0, 20 ...)
+       TODO: check
+CVE-2026-46413 (Discourse is an open-source discussion platform. Prior to 
2026.6.0, 20 ...)
+       TODO: check
+CVE-2026-45788 (Discourse is an open-source discussion platform. Prior to 
2026.6.0, 20 ...)
+       TODO: check
+CVE-2026-45780 (Discourse is an open-source discussion platform. Prior to 
2026.6.0, 20 ...)
+       TODO: check
+CVE-2026-44787 (Discourse is an open-source discussion platform. Prior to 
2026.6.0, 20 ...)
+       TODO: check
+CVE-2026-44342 (New API is a large language mode (LLM) gateway and artificial 
intellig ...)
+       TODO: check
+CVE-2026-39246 (decompress before 4.2.2 allows arbitrary symlink creation 
during archi ...)
+       TODO: check
+CVE-2026-39245 (decompress before 4.2.2 contains an improper path containment 
check th ...)
+       TODO: check
+CVE-2026-39243 (decompress before 4.2.2 allows arbitrary hardlink creation 
during arch ...)
+       TODO: check
+CVE-2026-38076 (An integer overflow in the jbig2_arith_iaid_ctx_new() function 
of Arti ...)
+       TODO: check
+CVE-2026-33803 (An Improper Restriction of Communication Channel to Intended 
Endpoints ...)
+       TODO: check
+CVE-2026-33802 (A Missing Authorization vulnerability in the CLI of Juniper 
Networks J ...)
+       TODO: check
+CVE-2026-33801 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
+       TODO: check
+CVE-2026-33800 (An Unchecked Input for Loop Condition vulnerability in the 
Packet Forw ...)
+       TODO: check
+CVE-2026-33799 (An Out-of-bounds Write vulnerability in the SNMP daemon 
(snmpd) of Jun ...)
+       TODO: check
+CVE-2026-33794 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
+       TODO: check
+CVE-2026-33655 (New API is a large language mode (LLM) gateway and artificial 
intellig ...)
+       TODO: check
+CVE-2026-31267 (Mercusys MW302R MW302R(EU)_V1_1.4.10 Build 231023 is 
vulnerable to Buf ...)
+       TODO: check
+CVE-2026-21901 (A NULL Pointer Dereference vulnerability in the management 
daemon (mgd ...)
+       TODO: check
+CVE-2026-21057 (Improper input validation in Samsung Pass prior to version 
5.2.10.3 al ...)
+       TODO: check
+CVE-2026-21056 (Improper authorization in Samsung Health prior to version 
7.00.0.107 a ...)
+       TODO: check
+CVE-2026-21055 (Improper export of android application components in Bixby 
prior to ve ...)
+       TODO: check
+CVE-2026-21054 (Improper export of android application components in 
InputSharing prio ...)
+       TODO: check
+CVE-2026-21053 (Improper input validation in Samsung Email prior to version 
6.2.13.1 a ...)
+       TODO: check
+CVE-2026-21052 (Path traversal in SemClipboardService prior to SMR Jul-2026 
Release 1  ...)
+       TODO: check
+CVE-2026-21051 (Incorrect default permissions in WLAN security prior to SMR 
Jul-2026 R ...)
+       TODO: check
+CVE-2026-21050 (Improper access control in SmartThingsKit prior to SMR 
Jul-2026 Releas ...)
+       TODO: check
+CVE-2026-21049 (Out-of-bounds write in libpadm.so library prior to SMR 
Jul-2026 Releas ...)
+       TODO: check
+CVE-2026-21048 (Out-of-bounds write in parsing DNG format in 
libimagecodec.media.quram ...)
+       TODO: check
+CVE-2026-21046 (Time-of-check time-of-use race condition in fabricKeymaster 
trustlet p ...)
+       TODO: check
+CVE-2026-21045 (Out-of-bounds write in parsing TIFF format in 
libimagecodec.media.qura ...)
+       TODO: check
+CVE-2026-21044 (Improper authorization in KnoxGuardManager prior to SMR 
Jul-2026 Relea ...)
+       TODO: check
+CVE-2026-21043 (Path traversal in Wallpaper service prior to SMR Jul-2026 
Release 1 al ...)
+       TODO: check
+CVE-2026-21042 (Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 
Release 1 al ...)
+       TODO: check
+CVE-2026-21041 (Improper access control in SamsungSEAgentService prior to SMR 
Jul-2026 ...)
+       TODO: check
+CVE-2026-21040 (Improper access control in IAFDService prior to SMR Jul-2026 
Release 1 ...)
+       TODO: check
+CVE-2026-21039 (Improper access control in Settings prior to SMR Jul-2026 
Release 1 al ...)
+       TODO: check
+CVE-2026-15332 (A security flaw has been discovered in zhayujie CowAgent up to 
2.1.0.  ...)
+       TODO: check
+CVE-2026-15331 (A vulnerability was identified in zhayujie CowAgent up to 
2.1.0. The a ...)
+       TODO: check
+CVE-2026-15330 (A vulnerability was determined in zhayujie CowAgent up to 
2.1.1. Impac ...)
+       TODO: check
+CVE-2026-15329 (A vulnerability was found in zhayujie CowAgent up to 2.1.0. 
This issue ...)
+       TODO: check
+CVE-2026-15326 (A vulnerability was identified in halo-dev halo up to 2.24.2. 
This aff ...)
+       TODO: check
+CVE-2026-15321 (A vulnerability was found in MyEMS up to 6.4.0. The affected 
element i ...)
+       TODO: check
+CVE-2026-15320 (A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. 
This vuln ...)
+       TODO: check
+CVE-2026-15319 (A security vulnerability has been detected in Sipeed PicoClaw 
up to 0. ...)
+       TODO: check
+CVE-2026-15318 (A weakness has been identified in Sipeed PicoClaw up to 0.2.9. 
Affecte ...)
+       TODO: check
+CVE-2026-15317 (A security flaw has been discovered in Sipeed PicoClaw up to 
0.2.9. Af ...)
+       TODO: check
+CVE-2026-15311 (A vulnerability was identified in NousResearch hermes-agent up 
to 2026 ...)
+       TODO: check
+CVE-2026-15302 (The ARMember plugin for WordPress is vulnerable to Directory 
Traversal ...)
+       TODO: check
+CVE-2026-15301 (The BuddyHolis TableSearch plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2026-15300 (The GEO my WP plugin for WordPress was vulnerable to SQL 
Injection via ...)
+       TODO: check
+CVE-2026-15299 (The Animation Addons for Elementor plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2026-15298 (The TelSender plugin for WordPress is vulnerable to DOM-Based 
Cross-Si ...)
+       TODO: check
+CVE-2026-15297 (The Newsletter, SMTP, Email marketing and Subscribe forms by 
Brevo (fo ...)
+       TODO: check
+CVE-2026-15296 (The affiliate-toolkit \u2013 WP Affiliate Plugin with Amazon 
plugin fo ...)
+       TODO: check
+CVE-2026-15293 (The WP Business Intelligence Lite plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2026-15292 (The Sudoku Shortcode plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2026-15291 (The Chat Help \u2013 Click to Chat Button & Form plugin for 
WordPress  ...)
+       TODO: check
+CVE-2026-15290 (The Ultimate Member \u2013 User Profile, Registration, Login, 
Member D ...)
+       TODO: check
+CVE-2026-15289 (The Booking calendar, Appointment Booking System plugin for 
WordPress  ...)
+       TODO: check
+CVE-2026-15288 (The SureForms \u2013 Drag and Drop Form Builder for WordPress 
plugin f ...)
+       TODO: check
+CVE-2026-15287 (The rtMedia for WordPress, BuddyPress and bbPress plugin for 
WordPress ...)
+       TODO: check
+CVE-2026-15286 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder 
Feature ...)
+       TODO: check
+CVE-2026-15285 (The Plus Addons for Elementor plugin for WordPress was 
vulnerable to A ...)
+       TODO: check
+CVE-2026-15284 (The King Addons for Elementor plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2026-15283 (The WPvivid Backup for MainWP plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2026-15282 (The Instant Appointment plugin for WordPress is vulnerable to 
arbitrar ...)
+       TODO: check
+CVE-2026-15276 (A flaw has been found in pdeljanov Symphonia up to 0.6.0. This 
vulnera ...)
+       TODO: check
+CVE-2026-15274 (A vulnerability was detected in lo48576 fbxcel up to 0.9.0. 
This affec ...)
+       TODO: check
+CVE-2026-15271 (A security vulnerability has been detected in TOTOLINK 
A3000RU, A3100R ...)
+       TODO: check
+CVE-2026-15270 (A weakness has been identified in D-link DIR-823G 
1.0.2B05_20181207. A ...)
+       TODO: check
+CVE-2026-15070 (The Salon Booking System \u2013 Free Version plugin for 
WordPress is v ...)
+       TODO: check
+CVE-2026-14894 (The Super Forms \u2013 Drag & Drop Form Builder plugin for 
WordPress i ...)
+       TODO: check
+CVE-2026-13430 (The Post Export Import with Media plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2026-12685 (The EscortWP escortwp WordPress theme through 3.6.2 was 
distributed wi ...)
+       TODO: check
+CVE-2026-12598 (The LoginPress Pro plugin for WordPress is vulnerable to 
authenticatio ...)
+       TODO: check
+CVE-2026-12597 (The LoginPress Pro plugin for WordPress is vulnerable to 
Authenticatio ...)
+       TODO: check
+CVE-2026-12595 (The LoginPress Pro plugin for WordPress is vulnerable to 
Authenticatio ...)
+       TODO: check
+CVE-2026-12276 (The LA-Studio Element Kit for Elementor WordPress plugin 
before 1.6.1  ...)
+       TODO: check
+CVE-2026-12123 (The All-in-One Video Gallery plugin for WordPress is 
vulnerable to Ser ...)
+       TODO: check
+CVE-2026-11818 (The WPCafe \u2013 Restaurant Menu, Online Food Ordering & 
Table Bookin ...)
+       TODO: check
+CVE-2026-11392 (The WP Hotel Booking plugin for WordPress is vulnerable to 
Reflected C ...)
+       TODO: check
+CVE-2026-0278 (Multiple protection mechanism failures in the Prisma Access 
Agent Data ...)
+       TODO: check
+CVE-2026-0277 (An improper certificate validation vulnerability in the 
Prisma\xae Acc ...)
+       TODO: check
+CVE-2026-0276 (A privilege escalation vulnerability in Palo Alto Networks 
Cortex\xae  ...)
+       TODO: check
+CVE-2026-0275 (A local privilege escalation vulnerability in Palo Alto 
Networks Prism ...)
+       TODO: check
+CVE-2025-45422 (Incorrect access control in Proximus b-box v8c.725A allows 
authenticat ...)
+       TODO: check
 CVE-2026-14741
        - libhttp-date-perl 6.08-1
        [trixie] - libhttp-date-perl <no-dsa> (Minor issue)
@@ -356,11 +642,11 @@ CVE-2026-57825
        NOTE: https://github.com/ocaml/opam/pull/7005
        NOTE: Testcase: 
https://github.com/ocaml/opam/commit/362f5dc08c1436be964e14aa50a5837050124d36 
(2.5.2)
        NOTE: Fixed by: 
https://github.com/ocaml/opam/commit/175a5d777806ad32fa6cdd95f2501dc4bd5e584e 
(2.5.2)
-CVE-2026-44918
+CVE-2026-44918 (OpenStack Ironic through before 37.0.1 allows creation or 
modification ...)
        - ironic 1:35.0.1-8 (bug #1141716)
        [trixie] - ironic <no-dsa> (Minor issue)
        NOTE: https://security.openstack.org/ossa/OSSA-2026-026.html
-CVE-2026-54423
+CVE-2026-54423 (In OpenStack Ironic before 37.0.1, an Ironic user with the 
ability to  ...)
        - ironic 1:35.0.1-8 (bug #1141717)
        [trixie] - ironic <no-dsa> (Minor issue)
        NOTE: https://security.openstack.org/ossa/OSSA-2026-025.html
@@ -56989,7 +57275,8 @@ CVE-2026-40503 (OpenHarness prior to commit dd1d235 
contains a path traversal vu
        NOT-FOR-US: OpenHarness
 CVE-2026-40502 (OpenHarness prior to commit dd1d235 contains a command 
injection vulne ...)
        NOT-FOR-US: OpenHarness
-CVE-2026-40500 (ProcessWire CMS version 3.0.255 and prior contain a 
server-side reques ...)
+CVE-2026-40500
+       REJECTED
        NOT-FOR-US: ProcessWire CMS
 CVE-2026-40316 (OWASP BLT is a QA testing and vulnerability disclosure 
platform that e ...)
        NOT-FOR-US: OWASP BLT



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/313bb55c98d6c66a3764532cac07ded7a2e740f6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/313bb55c98d6c66a3764532cac07ded7a2e740f6
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to