Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c5e295dc by security tracker role at 2026-07-10T19:13:56+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,340 @@
-CVE-2026-53363 [xfrm: iptfs: preserve shared-frag marker in
iptfs_consume_frags()]
+CVE-2026-9857 (The Invoice123 plugin for WordPress is vulnerable to
authorization byp ...)
+ TODO: check
+CVE-2026-9838 (The ICS Calendar plugin for WordPress is vulnerable to
Reflected Cross ...)
+ TODO: check
+CVE-2026-8609 (An unauthenticated attacker can repeatedly call Grafana's OAuth
login ...)
+ TODO: check
+CVE-2026-8595 (A user with Editor permissions can craft a dashboard whose
table (Tabl ...)
+ TODO: check
+CVE-2026-6872
+ REJECTED
+CVE-2026-6802 (The Easy Upload Files During Checkout plugin for WordPress is
vulnerab ...)
+ TODO: check
+CVE-2026-6440 (The GoodMeet \u2013 Google Meet Integration for Webinar,
Meeting & Vid ...)
+ TODO: check
+CVE-2026-6212 (Authorization bypass through User-Controlled key vulnerability
in Tera ...)
+ TODO: check
+CVE-2026-61492 (In JetBrains YouTrack before 2026.2.17394 stored XSS via
article title ...)
+ TODO: check
+CVE-2026-61461 (Dify before 1.16.0-rc1 contains a SQL injection vulnerability
in the M ...)
+ TODO: check
+CVE-2026-61460 (Krayin CRM through 2.2.3 contains an insecure direct object
reference ...)
+ TODO: check
+CVE-2026-61459 (MCP Server Kubernetes before 3.9.0 contains an argument
injection vuln ...)
+ TODO: check
+CVE-2026-61456 (The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3
fails to sa ...)
+ TODO: check
+CVE-2026-61455 (Grav before 2.0.1 contains a decompression bomb vulnerability
in ZipAr ...)
+ TODO: check
+CVE-2026-61450 (Grav before 2.0.2 contains a Twig sandbox bypass that allows a
page au ...)
+ TODO: check
+CVE-2026-61444 (PraisonAI versions before 4.6.78 contain a code injection
vulnerabilit ...)
+ TODO: check
+CVE-2026-61441 (PraisonAI Platform (praisonai-platform) before 0.1.9
improperly author ...)
+ TODO: check
+CVE-2026-61437 (PraisonAI (pip package praisonaiagents) before 1.6.78 contains
an unsa ...)
+ TODO: check
+CVE-2026-61434 (PraisonAI versions before 4.6.78 contain an allowlist bypass
vulnerabi ...)
+ TODO: check
+CVE-2026-61432 (PraisonAI (praisonaiagents) before 1.6.78 contains a path
traversal vu ...)
+ TODO: check
+CVE-2026-61431 (PraisonAI before 4.6.78 contains a path traversal
vulnerability in Con ...)
+ TODO: check
+CVE-2026-60091 (PraisonAI before 4.6.78 contains an unauthenticated
server-side reques ...)
+ TODO: check
+CVE-2026-60089 (PraisonAI (pip package praisonaiagents) before 1.6.78
automatically lo ...)
+ TODO: check
+CVE-2026-60086 (PraisonAI before 4.6.78 contains a prompt injection defense
bypass vul ...)
+ TODO: check
+CVE-2026-5801 (Improper neutralization of special elements used in an SQL
command ('S ...)
+ TODO: check
+CVE-2026-59796 (In JetBrains TeamCity before 2026.1.2 pipeline modification
was possib ...)
+ TODO: check
+CVE-2026-59795 (In JetBrains TeamCity before 2026.1.2 stored XSS via
unauthenticated a ...)
+ TODO: check
+CVE-2026-59794 (In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud
profile ...)
+ TODO: check
+CVE-2026-59793 (In JetBrains TeamCity before 2026.1.2 arbitrary file access
was possib ...)
+ TODO: check
+CVE-2026-59792 (In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code
execution via ...)
+ TODO: check
+CVE-2026-59791 (In JetBrains YouTrack before 2026.2.17012 cSS injection via
Mermaid di ...)
+ TODO: check
+CVE-2026-59193 (Grav is a file-based Web platform. Prior to 2.0.0, an
authenticated ad ...)
+ TODO: check
+CVE-2026-59190 (grav-plugin-admin is an HTML user interface that provides a
way to con ...)
+ TODO: check
+CVE-2026-59180 (Apprise is an open source library which allows you to send a
notificat ...)
+ TODO: check
+CVE-2026-59162 (Excelize is a Go language library for reading and writing
Microsoft Ex ...)
+ TODO: check
+CVE-2026-59161 (Excelize is a Go language library for reading and writing
Microsoft Ex ...)
+ TODO: check
+CVE-2026-59154 (Wekan is open source kanban built with Meteor. Prior to 9.64,
Wekan ha ...)
+ TODO: check
+CVE-2026-59151 (Prowler is a cloud security platform. Prior to 5.30.3,
Prowler's SAML ...)
+ TODO: check
+CVE-2026-58661 (n8n before 2.28.0 (and before 1.123.58 on the 1.x branch)
contains a d ...)
+ TODO: check
+CVE-2026-58493 (grav-plugin-database is the database plugin for Grav CMS.
Prior to 1.2 ...)
+ TODO: check
+CVE-2026-58492 (grav-plugin-database is the database plugin for Grav CMS.
Prior to 1.2 ...)
+ TODO: check
+CVE-2026-58225 (SQL Injection vulnerability in elixir-ecto postgrex allows an
attacker ...)
+ TODO: check
+CVE-2026-57994 (phpMyFAQ before 4.1.5 applies inconsistent active=yes and
publication- ...)
+ TODO: check
+CVE-2026-57961 (phpMyFAQ before 4.1.5 contains a potential authenticated path
traversa ...)
+ TODO: check
+CVE-2026-57476 (Deloitte AI Assist for Customer exposed unauthenticated API
endpoints ...)
+ TODO: check
+CVE-2026-57475 (Deloitte AI Assist for Customer accepted unauthenticated POST
requests ...)
+ TODO: check
+CVE-2026-57474 (Deloitte AI Assist for Customer disclosed some configuration
informati ...)
+ TODO: check
+CVE-2026-57167 (PeerTube is an ActivityPub-federated video streaming platform.
Prior t ...)
+ TODO: check
+CVE-2026-56814 (Plug.Parsers.MULTIPART, the multipart request-body parser used
to hand ...)
+ TODO: check
+CVE-2026-56813 (Improper Neutralization of Parameter/Argument Delimiters
vulnerability ...)
+ TODO: check
+CVE-2026-56765 (Vikunja before 2.2.1 contains an authorization flaw where the
LinkShar ...)
+ TODO: check
+CVE-2026-56690 (Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s)
an Improp ...)
+ TODO: check
+CVE-2026-56689 (Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s)
an Improp ...)
+ TODO: check
+CVE-2026-56688 (Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s)
an Improp ...)
+ TODO: check
+CVE-2026-56676 (9Router is an AI router & token saver. Prior to 0.5.2, 9router
validat ...)
+ TODO: check
+CVE-2026-56675 (9Router is an AI router & token saver. Prior to 0.5.2, 9router
treats ...)
+ TODO: check
+CVE-2026-56668 (ZITADEL is an open source identity management platform. Prior
to 4.15. ...)
+ TODO: check
+CVE-2026-56667 (ZITADEL is an open source identity management platform. Prior
to 4.15. ...)
+ TODO: check
+CVE-2026-56666 (ZITADEL is an open source identity management platform. Prior
to 4.15. ...)
+ TODO: check
+CVE-2026-56665 (ZITADEL is an open source identity management platform. Prior
to 3.4.1 ...)
+ TODO: check
+CVE-2026-56664 (ZITADEL is an open source identity management platform. Prior
to 3.4.1 ...)
+ TODO: check
+CVE-2026-56373 (ImageMagick before 7.1.2-15 contains a use-after-free
vulnerability in ...)
+ TODO: check
+CVE-2026-56366 (ImageMagick before 7.1.2-18 contains a memory leak
vulnerability in th ...)
+ TODO: check
+CVE-2026-56354 (n8n before 1.123.24, 2.10.4, and 2.12.0 (across its 1.x and
2.x branch ...)
+ TODO: check
+CVE-2026-56335 (Capgo before 12.128.2 contains an authorization bypass
vulnerability w ...)
+ TODO: check
+CVE-2026-56329 (Capgo before 12.128.2 contains a cross-tenant preview
namespace collis ...)
+ TODO: check
+CVE-2026-56312 (Capgo before 12.128.2 contains an improper validation
vulnerability in ...)
+ TODO: check
+CVE-2026-56309 (Capgo before 12.128.2 fails to enforce plan/quota restrictions
on the ...)
+ TODO: check
+CVE-2026-56305 (Capgo before 12.128.2 contains an authentication bypass
vulnerability ...)
+ TODO: check
+CVE-2026-56279 (Capgo before 12.128.2 contains an information disclosure
vulnerability ...)
+ TODO: check
+CVE-2026-56261 (Crawl4AI before 0.8.7 contains a server-side request forgery
(SSRF) vu ...)
+ TODO: check
+CVE-2026-56254 (In @capgo/capacitor-updater (Cap-go/capgo) before 12.128.2,
the end-to ...)
+ TODO: check
+CVE-2026-55890 (Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's
incompl ...)
+ TODO: check
+CVE-2026-55885 (Grav is a file-based Web platform. Prior to 1.7.53, an
authenticated a ...)
+ TODO: check
+CVE-2026-55843 (Snipe-IT is an IT asset/license management system. Prior to
8.6.0, Use ...)
+ TODO: check
+CVE-2026-55783 (NanaZip is the 7-Zip derivative intended for the modern
Windows experi ...)
+ TODO: check
+CVE-2026-55782 (NanaZip is the 7-Zip derivative intended for the modern
Windows experi ...)
+ TODO: check
+CVE-2026-55781 (NanaZip is the 7-Zip derivative intended for the modern
Windows experi ...)
+ TODO: check
+CVE-2026-55780 (NanaZip is the 7-Zip derivative intended for the modern
Windows experi ...)
+ TODO: check
+CVE-2026-55687 (ESF-IDF is the Espressif Internet of Things (IOT) Development
Framewor ...)
+ TODO: check
+CVE-2026-55672 (ZITADEL is an open source identity management platform. Prior
to 3.4.1 ...)
+ TODO: check
+CVE-2026-55671 (ZITADEL is an open source identity management platform. From
4.0.0-rc. ...)
+ TODO: check
+CVE-2026-55670 (ZITADEL is an open source identity management platform. Prior
to 4.15. ...)
+ TODO: check
+CVE-2026-55669 (ZITADEL is an open source identity management platform. Prior
to 3.4.1 ...)
+ TODO: check
+CVE-2026-55641 (9Router is an AI router & token saver. Prior to 0.5.2, 9router
determi ...)
+ TODO: check
+CVE-2026-55638 (9Router is an AI router & token saver. Prior to 0.5.2, 9router
protect ...)
+ TODO: check
+CVE-2026-55516 (Snipe-IT is an IT asset/license management system. Prior to
8.6.2, PAT ...)
+ TODO: check
+CVE-2026-55501 (9Router is an AI router & token saver. Prior to 0.4.80, the
dashboard ...)
+ TODO: check
+CVE-2026-55500 (9Router is an AI router & token saver. Prior to 0.4.80, the
/api/setti ...)
+ TODO: check
+CVE-2026-55478 (Snipe-IT is an IT asset/license management system. Prior to
8.6.2, POS ...)
+ TODO: check
+CVE-2026-55476 (Snipe-IT is an IT asset/license management system. Prior to
8.6.0, POS ...)
+ TODO: check
+CVE-2026-55474 (Snipe-IT is an IT asset/license management system. Prior to
8.5.0, Act ...)
+ TODO: check
+CVE-2026-55472 (Snipe-IT is an IT asset/license management system. Prior to
8.6.2, whe ...)
+ TODO: check
+CVE-2026-55464 (Snipe-IT is an IT asset/license management system. Prior to
8.6.2, Com ...)
+ TODO: check
+CVE-2026-55460 (Snipe-IT is an IT asset/license management system. Prior to
8.6.2, an ...)
+ TODO: check
+CVE-2026-54919 (cpp-httplib is a C++11 single-file header-only cross platform
HTTP/HTT ...)
+ TODO: check
+CVE-2026-54470 (Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior
contain(s) ...)
+ TODO: check
+CVE-2026-54469 (Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior,
contain(s) ...)
+ TODO: check
+CVE-2026-54468 (Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior,
contain(s) ...)
+ TODO: check
+CVE-2026-54329 (Snipe-IT is an IT asset/license management system. Prior to
8.6.2, the ...)
+ TODO: check
+CVE-2026-54149 (MaxKB is an open-source AI assistant for enterprise. Prior to
2.10.0-l ...)
+ TODO: check
+CVE-2026-54063 (Excelize is a Go language library for reading and writing
Microsoft Ex ...)
+ TODO: check
+CVE-2026-54001 (osquery is a SQL powered operating system instrumentation,
monitoring, ...)
+ TODO: check
+CVE-2026-54000 (osquery is a SQL powered operating system instrumentation,
monitoring, ...)
+ TODO: check
+CVE-2026-53780
+ REJECTED
+CVE-2026-53657 (Lima launches Linux virtual machines, typically on macOS, for
running ...)
+ TODO: check
+CVE-2026-53653 (Grav is a file-based Web platform. Prior to 1.7.53 and
2.0.0-rc.8, Gra ...)
+ TODO: check
+CVE-2026-53450 (Coturn is a free open source implementation of TURN and STUN
Server. P ...)
+ TODO: check
+CVE-2026-53449 (Coturn is a free open source implementation of TURN and STUN
Server. P ...)
+ TODO: check
+CVE-2026-53448 (Coturn is a free open source implementation of TURN and STUN
Server. P ...)
+ TODO: check
+CVE-2026-51119 (An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to
escalat ...)
+ TODO: check
+CVE-2026-46388 (osquery is a SQL powered operating system instrumentation,
monitoring, ...)
+ TODO: check
+CVE-2026-41880 (R-SOFT DMS is vulnerable toOS Command Injection in the Optical
Charact ...)
+ TODO: check
+CVE-2026-41879 (R-SOFT DMSstores superadmin credentials using a non-salted
nested MD5 ...)
+ TODO: check
+CVE-2026-41878 (R-SOFT DMS is vulnerable toInsecure Direct Object Reference
(IDOR) att ...)
+ TODO: check
+CVE-2026-41877 (R-SOFT DMS is vulnerable to Stored XSS in file upload
functionality. A ...)
+ TODO: check
+CVE-2026-41876 (R-SOFT DMS is vulnerable toOS Command Injection in
konwertujAction() f ...)
+ TODO: check
+CVE-2026-40454 (Out-of-bounds Read, Improper Input Validation vulnerability in
Apache ...)
+ TODO: check
+CVE-2026-40452 (Incorrect Authorization, Improper Access Control vulnerability
in Apac ...)
+ TODO: check
+CVE-2026-40009 (Improper Privilege Management, Improper Access Control
vulnerability i ...)
+ TODO: check
+CVE-2026-40008 (Use of Externally-Controlled Input to Select Classes or Code
('Unsafe ...)
+ TODO: check
+CVE-2026-40007 (Uncontrolled Recursion, Uncontrolled Resource Consumption
vulnerabilit ...)
+ TODO: check
+CVE-2026-40006 (Memory Allocation with Excessive Size Value, Allocation of
Resources W ...)
+ TODO: check
+CVE-2026-40005 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2026-3907 (The Hostel plugin for WordPress is vulnerable to Stored
Cross-Site Scr ...)
+ TODO: check
+CVE-2026-3251 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-39903 (Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0
Alpha 5 ...)
+ TODO: check
+CVE-2026-39244 (adm-zip before 0.5.18 is vulnerable to denial of service via a
crafted ...)
+ TODO: check
+CVE-2026-38059 (The iDirect iQ200 exposes the /api/identity and /api/ REST API
endpoin ...)
+ TODO: check
+CVE-2026-38057 (The iDirect iQ200 does not validate CSRF tokens on
state-changing API ...)
+ TODO: check
+CVE-2026-33382 (Several Grafana API endpoints, some of them unauthenticated,
do not li ...)
+ TODO: check
+CVE-2026-2398 (Authorization bypass through User-Controlled key vulnerability
in Adam ...)
+ TODO: check
+CVE-2026-2397 (Improper neutralization of special elements used in an SQL
command ('S ...)
+ TODO: check
+CVE-2026-29519 (Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and
7.0.x r ...)
+ TODO: check
+CVE-2026-28564 (Insufficient Session Expiration, Authentication Bypass by
Capture-repl ...)
+ TODO: check
+CVE-2026-22660 (FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a
logic flaw ...)
+ TODO: check
+CVE-2026-22659 (FlaskBB through 2.2.0, fixed in commit acc88cf, contains an
authorizat ...)
+ TODO: check
+CVE-2026-1946 (The GW AI Website Builder plugin for WordPress is vulnerable to
unauth ...)
+ TODO: check
+CVE-2026-1667 (The SEO Plugin by Squirrly SEO plugin for WordPress is
vulnerable to A ...)
+ TODO: check
+CVE-2026-15378 (A flaw was found in the `guardrails-detectors` component. This
vulnera ...)
+ TODO: check
+CVE-2026-15377 (A vulnerability was determined in Eleveo Call Recording
Software 9.7.0 ...)
+ TODO: check
+CVE-2026-15376 (A vulnerability was found in Eleveo Call Recording Software
9.7.0. Aff ...)
+ TODO: check
+CVE-2026-15375 (A vulnerability has been found in Eleveo Call Recording
Software 9.7.0 ...)
+ TODO: check
+CVE-2026-15374 (A flaw has been found in Eleveo Call Recording Software 9.7.0.
This af ...)
+ TODO: check
+CVE-2026-15373 (A vulnerability was detected in Eleveo Call Recording Software
9.7.0. ...)
+ TODO: check
+CVE-2026-15146 (GNU Wget does not validate the IP address provided by an FTP
PASV resp ...)
+ TODO: check
+CVE-2026-15143 (A flaw was found in the file_type content detector of
guardrails-detec ...)
+ TODO: check
+CVE-2026-15104 (The BetterDocs \u2013 AI Documentation, Knowledge Base, Docs,
Wikis, F ...)
+ TODO: check
+CVE-2026-15028 (A flaw was found in libarchive. This vulnerability allows a
remote att ...)
+ TODO: check
+CVE-2026-15026 (The Import and export users and customers plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2026-14475 (The Cookie Banner for GDPR / CCPA \u2013 WPLP Cookie Consent
plugin fo ...)
+ TODO: check
+CVE-2026-14461 (mtr is vulnerable to Out-of-bound read vulnerability in
ipinfo_lookup( ...)
+ TODO: check
+CVE-2026-13710 (The Jeg Kit for Elementor \u2013 Powerful Addons for
Elementor, Widget ...)
+ TODO: check
+CVE-2026-13347 (The Hide My WP Lite plugin for WordPress is vulnerable to
Arbitrary Fi ...)
+ TODO: check
+CVE-2026-13247 (The Logo Slider \u2013 Logo Carousel, Client Logo Slider &
Brand Showc ...)
+ TODO: check
+CVE-2026-13010 (The JoomSport \u2013 for Sports: Team & League, Football,
Hockey & mor ...)
+ TODO: check
+CVE-2026-12955 (The GDPR Cookie Consent plugin for WordPress is vulnerable to
unauthor ...)
+ TODO: check
+CVE-2026-12924 (The Eventin \u2013 Event Calendar, Event Registration, Tickets
& Booki ...)
+ TODO: check
+CVE-2026-12918 (The Mail Mint \u2013 Email Marketing, Newsletter, Email
Automation & W ...)
+ TODO: check
+CVE-2026-12400 (The FlowForms \u2013 Conversational Form Builder plugin for
WordPress ...)
+ TODO: check
+CVE-2026-12108 (The Highlighting Code Block plugin for WordPress is vulnerable
to Stor ...)
+ TODO: check
+CVE-2026-11992 (The Easy Appointments plugin for WordPress is vulnerable to
authorizat ...)
+ TODO: check
+CVE-2026-11990 (The KiviCare \u2013 Clinic & Patient Management System (EHR)
plugin fo ...)
+ TODO: check
+CVE-2025-70796 (An unauthenticated path traversal vulnerability exists in the
web mana ...)
+ TODO: check
+CVE-2025-30008 (HestiaCP before 1.9.5 contains a stored cross-site scripting
vulnerabi ...)
+ TODO: check
+CVE-2025-30007 (HestiaCP before 1.9.5 contains an authenticated OS command
injection v ...)
+ TODO: check
+CVE-2025-12127
+ REJECTED
+CVE-2025-11977 (The Happyforms \u2013 Form Builder for WordPress: Drag & Drop
Contact ...)
+ TODO: check
+CVE-2026-53363 (In the Linux kernel, the following vulnerability has been
resolved: x ...)
- linux 7.0.13-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
@@ -655,6 +991,7 @@ CVE-2026-0279 (Multiple cross site scripting
vulnerabilities in the User-ID\u212
CVE-2025-63579 (Unauthorized use of Kyocera printers, allows all information
stored in ...)
NOT-FOR-US: Kyocera
CVE-2026-57825
+ {DSA-6386-1}
- opam 2.5.2-1
NOTE:
https://github.com/ocaml/security-advisories/blob/main/advisories/2026/OSEC-2026-10.md
NOTE: https://github.com/ocaml/opam/pull/7005
@@ -13858,7 +14195,7 @@ CVE-2026-9072 (IBM WebSphere Application Server and IBM
WebSphere Application Se
NOT-FOR-US: IBM
CVE-2026-9071 (IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere
Applic ...)
NOT-FOR-US: IBM
-CVE-2026-9029 (The geomap panel's XYZ tile layer has a
sanitize-then-interpolate orde ...)
+CVE-2026-9029 (A user with Editor permissions can place a malicious script in
the att ...)
- grafana <removed>
CVE-2026-9006 (IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to
server- ...)
NOT-FOR-US: IBM
@@ -14145,7 +14482,7 @@ CVE-2026-44913 (Improper escaping of database table
names in the CaptureChangeMy
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-44911 (Authorization handling for component configuration
verification reques ...)
NOT-FOR-US: Apache software not packaged in Debian
-CVE-2026-42129 (The Loki datasource plugin's callResource handler contains a
path trav ...)
+CVE-2026-42129 (A user with Viewer permissions can use a path traversal in the
Loki da ...)
NOT-FOR-US: Grafana Labs
CVE-2026-42127 (The public dashboard query endpoint does not limit request
body size b ...)
NOT-FOR-US: Grafana Labs
@@ -14210,7 +14547,7 @@ CVE-2026-10845 (IBM WebSphere Application Server 8.5
and 9.0could allow a remote
NOT-FOR-US: IBM
CVE-2026-10789 (A maliciously crafted webpage, when visited by a user with
Autodesk Fu ...)
NOT-FOR-US: Autodesk
-CVE-2026-10601 (The Tempo and Loki datasource plugins construct backend HTTP
requests ...)
+CVE-2026-10601 (A user with Viewer permissions can use specially crafted
requests to t ...)
NOT-FOR-US: Grafana Labs
CVE-2026-10561 (IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due
to an im ...)
NOT-FOR-US: IBM
@@ -93404,7 +93741,7 @@ CVE-2020-37097 (Edimax EW-7438RPn 1.13 contains an
information disclosure vulner
NOT-FOR-US: Edimax
CVE-2020-37096 (Edimax EW-7438RPn 1.13 contains a cross-site request forgery
vulnerabi ...)
NOT-FOR-US: Edimax
-CVE-2020-37094 (EspoCRM 5.8.5 contains an authentication vulnerability that
allows att ...)
+CVE-2020-37094 (EspoCRM 5.7.0 prior to 5.9.0 contains an authentication token
reuse vu ...)
NOT-FOR-US: EspoCRM
CVE-2020-37093 (Netis E1+ 1.2.32533 contains an information disclosure
vulnerability t ...)
NOT-FOR-US: Netis E1+
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5e295dc3f535f13b751c4911ff47a9ab9308dc4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5e295dc3f535f13b751c4911ff47a9ab9308dc4
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits