Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ce467432 by security tracker role at 2026-07-11T19:13:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2026-61870 (ImageMagick before 7.1.2-26 contains a memory leak
vulnerability in th ...)
+ TODO: check
+CVE-2026-61861 (ImageMagick before 7.1.2-26 contains a use-after-free
vulnerability in ...)
+ TODO: check
+CVE-2026-61858 (ImageMagick before 7.1.2-26 contains a policy bypass
vulnerability in ...)
+ TODO: check
+CVE-2026-61857 (ImageMagick before 7.1.2-26 contains a heap use-after-free
vulnerabili ...)
+ TODO: check
+CVE-2026-61465 (ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check
for the a ...)
+ TODO: check
+CVE-2026-61454 (The Grav Admin2 plugin (getgrav/grav-plugin-admin2) before
2.0.4 embed ...)
+ TODO: check
+CVE-2026-61448 (Parse Server is affected by a stored cross-site scripting
(XSS) vulner ...)
+ TODO: check
+CVE-2026-61447 (PraisonAI before 1.6.78 contains a remote code execution
vulnerability ...)
+ TODO: check
+CVE-2026-61445 (PraisonAI before 4.6.78 contains arbitrary file write and
command exec ...)
+ TODO: check
+CVE-2026-61442 (PraisonAI Platform (praisonai-platform) before 0.1.9 fails to
enforce ...)
+ TODO: check
+CVE-2026-61439 (PraisonAI versions before 4.6.78 contain a prompt injection
defense mi ...)
+ TODO: check
+CVE-2026-61429 (PraisonAI versions before 1.6.78 contain a server-side request
forgery ...)
+ TODO: check
+CVE-2026-61428 (PraisonAI AgentMail versions before 4.6.78 lack signature
verification ...)
+ TODO: check
+CVE-2026-61426 (PraisonAI before 1.7.3 contains an insecure default
configuration that ...)
+ TODO: check
+CVE-2026-60090 (PraisonAI before 4.6.78 fails to validate the
caller-controlled dimens ...)
+ TODO: check
+CVE-2026-60088 (PraisonAI before 4.6.78 fails to validate file path references
in cust ...)
+ TODO: check
+CVE-2026-57828 (The Joomla extension Phoca Downloads is vulnerable to an
authenticated ...)
+ TODO: check
+CVE-2026-57827 (The Joomla extension RSFiles is vulnerable to an
unauthenticated arbit ...)
+ TODO: check
+CVE-2026-56763 (Hono before 4.12.7 allows __proto__ key in parseBody with dot
option e ...)
+ TODO: check
+CVE-2026-56372 (ImageMagick before 7.1.2-19 contains a heap buffer overflow
vulnerabil ...)
+ TODO: check
+CVE-2026-56303 (Capgo before 12.128.2 contains an information disclosure
vulnerability ...)
+ TODO: check
+CVE-2026-56296 (Cap-go before 12.128.2 contains an information disclosure
vulnerabilit ...)
+ TODO: check
+CVE-2026-56240 (Capgo before 12.128.12 contains a billing authorization bypass
vulnera ...)
+ TODO: check
+CVE-2026-1359 (The Genolve \u2013 AI image AI video generation plugin for
WordPress i ...)
+ TODO: check
+CVE-2026-10660 (The Bluetooth BAP Broadcast Assistant GATT client in
subsys/bluetooth/ ...)
+ TODO: check
CVE-2026-9738 (The Print, PDF, Email by PrintFriendly plugin for WordPress is
vulnera ...)
NOT-FOR-US: WordPress plugin
CVE-2026-9726 (Improperly Controlled Modification of Dynamically-Determined
Object At ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce4674320c559b1d2fb5570be4739ec4b246e1a1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce4674320c559b1d2fb5570be4739ec4b246e1a1
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits